WordPress.org

Security Scorecard

Score

21F

Total CVEs

527

Patch Rate

2%

8 patched

Avg Response

-

days to patch

Critical Gaps

9

exploitable, no detection

Severity Breakdown

Critical6

High36

Medium483

Low2

Patch Status

Patched8 (2%)

Partial/Workaround0 (0%)

Unpatched519 (98%)

CVEs (619)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2025-12900	FileBird Media Library Folders & File Manager Vulnerability	N/A	-	0d	Unpatched
CVE-2025-13367	WordPress User Registration & Membership Plugin Vulnerability	N/A	-	0d	Unpatched
CVE-2025-13610	WordPress Custom Registration Forms Plugin Vulnerability	N/A	-	0d	Unpatched
CVE-2025-13728	CVE-2025-13728	N/A	-	0d	Unpatched
CVE-2025-14383	Booking Calendar Plugin SQL Injection	N/A	-	0d	Unpatched
CVE-2025-10289	Wordpress Filter & Grids Plugin SQL Injection	N/A	-	2d	Unpatched
CVE-2025-10738	SQL Injection in Exact Links Plugin	N/A	-	2d	Unpatched
CVE-2025-11693	Export WP Page to Static HTML & PDF Plugin Vulnerability	N/A	-	2d	Unpatched
CVE-2025-11707	Login Lockdown & Protection Plugin IP Block Bypass	N/A	-	2d	Unpatched
CVE-2025-11970	Emplibot Server-Side Request Forgery Vulnerability	N/A	-	2d	Unpatched