Wordfence Statistics

WordPress vulnerability tracking from 2025 onwards

Sync Status

Synced
9625
Total Vulnerabilities
505
Critical Severity
1474
High Severity
708
Popular Plugins Affected

Vulnerability Distribution

Breakdown of vulnerabilities by severity and type

Severity Distribution

Top Vulnerability Types (CWE)

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 3807
CWE-862: Missing Authorization 1626
CWE-352: Cross-Site Request Forgery (CSRF) 1376
CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 580
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 536
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor 249
CWE-502: Deserialization of Untrusted Data 241
CWE-434: Unrestricted Upload of File with Dangerous Type 217
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 186
CWE-639: Authorization Bypass Through User-Controlled Key 120

Yearly Trends

Vulnerability counts by year

Vulnerabilities by Year

Patched Status

Patched: 4959 Unpatched: 4666

Monthly Trends

Recent vulnerability discovery trends

Monthly Vulnerability Discoveries

Most Affected Plugins

Plugins with the highest vulnerability counts

Top Vulnerable Plugins

ProfileGrid – User Profiles, Groups and Communities 6,000 total installs
13 2 High
Travel Booking WordPress Theme 0 total installs
13 2 Critical 3 High
GiveWP – Donation Plugin and Fundraising Platform 100,000 total installs
12 2 Critical 1 High
SureForms – Contact Form, Payment Form & Other Custom Form Builder 300,000 total installs
12 3 High
Download Manager 100,000 total installs
11 2 High
Houzez 0 total installs
11 3 High
Royal Addons for Elementor – Addons and Templates Kit for Elementor 600,000 total installs
11
User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin 60,000 total installs
11 1 Critical 1 High
Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) 10,000 total installs
11 1 Critical 8 High
Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe 1,000 total installs
10 2 High
ELEX WordPress HelpDesk & Customer Ticketing System 300 total installs
10 1 Critical 2 High
LearnPress – WordPress LMS Plugin 80,000 total installs
10
School Management System for Wordpress 0 total installs
10 4 High
Welcart e-Commerce 20,000 total installs
10 1 High
WPBookit 10 total installs
10 5 Critical 2 High

Top 10 Plugins Chart

Popular Plugin Alerts

High impact vulnerabilities in plugins with 10k+ installs

44
Critical in Popular Plugins
254
High in Popular Plugins
View Advanced Plugins