WordPress.org

Security Scorecard

Score

21F

Total CVEs

527

Patch Rate

2%

8 patched

Avg Response

-

days to patch

Critical Gaps

9

exploitable, no detection

Severity Breakdown

Critical6

High36

Medium483

Low2

Patch Status

Patched8 (2%)

Partial/Workaround0 (0%)

Unpatched519 (98%)

CVEs (619)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2025-9493	Admin Menu Editor Vulnerability	MEDIUM	6.4	101d	Unpatched
CVE-2025-9085	SQL Injection in WordPress User Registration & Membership Plugin	MEDIUM	4.9	102d	Unpatched
CVE-2025-9990	WordPress Helpdesk Integration Plugin Vulnerability	HIGH	8.1	100d	Unpatched
CVE-2025-9616	PopAd Cross-Site Request Forgery	MEDIUM	5.3	103d	Unpatched
CVE-2025-9519	Easy Timer Plugin Vulnerability	HIGH	7.2	103d	Unpatched
CVE-2025-9518	WordPress aTec Debug Plugin Vulnerability	HIGH	7.2	103d	Unpatched
CVE-2025-9516	aTec Debug Plugin Vulnerability	MEDIUM	4.9	103d	Unpatched
CVE-2025-6085	Make Connector Plugin Vulnerability	HIGH	7.2	109d	Unpatched
CVE-2025-9378	Vayu Blocks Vulnerability	MEDIUM	6.4	105d	Unpatched
CVE-2025-9219	Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications Vulnerability	MEDIUM	4.3	105d	Unpatched