WordPress.org
Security Scorecard
Score
21F
Total CVEs
526
Patch Rate
2%
8 patched
Avg Response
-
days to patch
Critical Gaps
9
exploitable, no detection
Severity Breakdown
Critical6
High35
Medium483
Low2
Patch Status
Patched8 (2%)
Partial/Workaround0 (0%)
Unpatched518 (98%)
CVEs (618)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-14247 | Simple Shopping Cart SQL Injection | MEDIUM | 6.3 | 6d | Unpatched |
| CVE-2025-13922 | AI Autotagger Vulnerability | MEDIUM | 6.5 | 8d | Unpatched |
| CVE-2025-12717 | List Attachments Shortcode Plugin Vulnerability | MEDIUM | 6.4 | 8d | Unpatched |
| CVE-2025-13656 | Cute News Ticker Plugin Vulnerability | MEDIUM | 6.4 | 8d | Unpatched |
| CVE-2025-13856 | WordPress Extra Post Images Plugin Vulnerability | MEDIUM | 6.4 | 8d | Unpatched |
| CVE-2025-13896 | Social Feed Gallery Portfolio Plugin Vulnerability | MEDIUM | 6.4 | 8d | Unpatched |
| CVE-2025-13899 | Timthumb Plugin Vulnerability | MEDIUM | 6.4 | 8d | Unpatched |
| CVE-2025-13907 | CSS3 Buttons Vulnerability | MEDIUM | 6.4 | 8d | Unpatched |
| CVE-2025-11263 | Link Whisper Vulnerability | MEDIUM | 6.1 | 8d | Unpatched |
| CVE-2025-13894 | CVE-2025-13894 | MEDIUM | 6.1 | 8d | Unpatched |