wordfence / statistics · 10,240 indexed

Wordfence statistics

Live view of the WordPress plugin and theme vulnerability ecosystem, pulled from Wordfence Intelligence.

sync failed Jan 28, 00:14Z
total vulns
10,240
since 2025
critical
525
5% of total
high
1,639
16%
popular affected
736
10k+ installs
patched
51%
5,267 fixed · 4,973 open
01

Distribution

severity · monthly
monthly discoveries last 12 mo
severity share
critical 525 · 5%
high 1,639 · 16%
medium 8,037 · 78%
low 39 · 0%
02

Trends

yearly · patched share
vulnerabilities by year 2 years
patched status 5,267 / 10,240
03

Hot zones

CWE classes · top plugins
top CWE classes top 10
CWE-79 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 3,988
CWE-862 · Missing Authorization 1,789
CWE-352 · Cross-Site Request Forgery (CSRF) 1,412
CWE-98 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 668
CWE-89 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 568
CWE-200 · Exposure of Sensitive Information to an Unauthorized Actor 266
CWE-502 · Deserialization of Untrusted Data 253
CWE-434 · Unrestricted Upload of File with Dangerous Type 230
CWE-22 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 198
CWE-639 · Authorization Bypass Through User-Controlled Key 141
top vulnerable plugins by vuln count
Travel Booking WordPress Theme
traveler · 0 installs
2 crit 3 high 15
GiveWP – Donation Plugin and Fundraising Platform
give · 100,000 installs
2 crit 1 high 13
ProfileGrid – User Profiles, Groups and Communities
profilegrid-user-profiles-groups-and-communities · 6,000 installs
2 high 13
SureForms – Contact Form, Payment Form & Other Custom Form Builder
sureforms · 400,000 installs
3 high 12
User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin
user-registration · 60,000 installs
1 crit 1 high 12
AI Engine – The Chatbot and AI Framework for WordPress
ai-engine · 100,000 installs
1 crit 5 high 11
Download Manager
download-manager · 100,000 installs
2 high 11
Houzez
houzez · 0 installs
3 high 11
LearnPress – WordPress LMS Plugin for Create and Sell Online Courses
learnpress · 80,000 installs
11
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons · 600,000 installs
11
Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered)
wp-event-solution · 10,000 installs
1 crit 8 high 11
Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe
contest-gallery · 1,000 installs
2 high 10
ELEX WordPress HelpDesk & Customer Ticketing System
elex-helpdesk-customer-support-ticket-system · 300 installs
1 crit 2 high 10
My auctions allegro
my-auctions-allegro-free-edition · 600 installs
4 high 10
School Management System for Wordpress
school-management · 0 installs
4 high 10
04

Top 10 plugins · chart

vulnerabilities · descending
top 10 by vuln count horizontal bars
05

Popular plugin alerts

10k+ installs · high impact
critical · popular10k+
525
49 affecting widely-used plugins
high · popular10k+
271
amber-zone risk · 10k+ install reach
browse popular
view advanced plugins →
filterable table · severity · CWE · install threshold