WordPress.org
Security Scorecard
Score
21F
Total CVEs
527
Patch Rate
2%
8 patched
Avg Response
-
days to patch
Critical Gaps
9
exploitable, no detection
Severity Breakdown
Critical6
High36
Medium483
Low2
Patch Status
Patched8 (2%)
Partial/Workaround0 (0%)
Unpatched519 (98%)
CVEs (619)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-9618 | Cross-Site Request Forgery in Related Posts Lite Plugin | MEDIUM | 4.3 | 108d | Unpatched |
| CVE-2025-9374 | UTW Importer Plugin Vulnerability | MEDIUM | 4.3 | 110d | Unpatched |
| CVE-2025-9376 | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Vulnerability | MEDIUM | 6.5 | 111d | Unpatched |
| CVE-2025-9346 | WordPress Booking Calendar Plugin Vulnerability | MEDIUM | 6.4 | 111d | Unpatched |
| CVE-2025-9277 | SiteSEO Vulnerability | MEDIUM | 6.4 | 113d | Unpatched |
| CVE-2025-9172 | Vibes Plugin SQL Injection | HIGH | 7.5 | 113d | Unpatched |
| CVE-2025-9331 | WordPress Spacious Theme Vulnerability | MEDIUM | 4.3 | 117d | Unpatched |
| CVE-2015-10144 | WP Responsive Thumbnail Slider Vulnerability | HIGH | 8.8 | 144d | Unpatched |
| CVE-2015-10133 | Subscribe to Comments Vulnerability | HIGH | 7.2 | 157d | Unpatched |
| CVE-2024-11613 | Wordpress File Upload Plugin Vulnerability | CRITICAL | 9.8 | - | Patched |