WordPress.org
Security Scorecard
Score
21F
Total CVEs
527
Patch Rate
2%
8 patched
Avg Response
-
days to patch
Critical Gaps
9
exploitable, no detection
Severity Breakdown
Critical6
High36
Medium483
Low2
Patch Status
Patched8 (2%)
Partial/Workaround0 (0%)
Unpatched519 (98%)
CVEs (619)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2024-10124 | Vayu Blocks Gutenberg Block Vulnerability | CRITICAL | 9.8 | 367d | Unpatched |
| CVE-2016-15040 | Kento Post View Counter SQL Injection | CRITICAL | 9.8 | 433d | Unpatched |
| CVE-2017-20192 | Formidable Form Builder Plugin Vulnerability | HIGH | 8.3 | 433d | Unpatched |
| CVE-2019-25216 | Rich Review Plugin Vulnerability | HIGH | 7.2 | 433d | Unpatched |
| CVE-2024-43918 | WBW Product Table PRO SQL Injection | CRITICAL | 10.0 | 481d | Unpatched |
| CVE-2024-6028 | Quiz Maker SQL Injection | CRITICAL | 9.8 | - | Patched |
| CVE-2024-3605 | WP Hotel Booking Plugin SQL Injection | CRITICAL | 10.0 | 551d | Unpatched |
| CVE-2025-13740 | Lightweight Accordion Vulnerability | N/A | - | 0d | Unpatched |
| CVE-2025-12684 | URL Shortify Vulnerability | N/A | - | 0d | Unpatched |
| CVE-2025-13355 | URL Shortify Vulnerability | N/A | - | 0d | Unpatched |