WordPress.org
Security Scorecard
Score
21F
Total CVEs
526
Patch Rate
2%
8 patched
Avg Response
-
days to patch
Critical Gaps
9
exploitable, no detection
Severity Breakdown
Critical6
High35
Medium483
Low2
Patch Status
Patched8 (2%)
Partial/Workaround0 (0%)
Unpatched518 (98%)
CVEs (618)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-63066 | Porto Theme Functionality Cross-site Scripting Vulnerability | MEDIUM | 6.5 | 5d | Unpatched |
| CVE-2025-67533 | Themify Portfolio Post XSS | MEDIUM | 6.5 | 5d | Unpatched |
| CVE-2025-67548 | CVE-2025-67548 | MEDIUM | 6.5 | 5d | Unpatched |
| CVE-2025-67551 | Wappointment XSS | MEDIUM | 6.5 | 5d | Unpatched |
| CVE-2025-67552 | Walker Core XSS Vulnerability | MEDIUM | 6.5 | 5d | Unpatched |
| CVE-2025-67554 | Cookie Notice & Compliance for GDPR / CCPA Plugin Vulnerability | MEDIUM | 5.9 | 5d | Unpatched |
| CVE-2025-63034 | Steve Truman Page View Count Vulnerability | MEDIUM | 5.4 | 5d | Unpatched |
| CVE-2025-62865 | Evan Herman Post Cloner Vulnerability | MEDIUM | 5.3 | 5d | Unpatched |
| CVE-2025-67563 | Post SMTP Plugin Vulnerability | MEDIUM | 5.3 | 5d | Unpatched |
| CVE-2025-67575 | Sitewide Notice WP Vulnerability | MEDIUM | 5.3 | 5d | Unpatched |