wordfence / statistics · 13,127 indexed

Wordfence statistics

Live view of the WordPress plugin and theme vulnerability ecosystem, pulled from Wordfence Intelligence.

sync failed May 17, 00:17Z
total vulns
13,127
since 2025
critical
618
4% of total
high
2,536
19%
popular affected
873
10k+ installs
patched
57%
7,558 fixed · 5,569 open
01

Distribution

severity · monthly
monthly discoveries last 12 mo
severity share
critical 618 · 4%
high 2,536 · 19%
medium 9,924 · 75%
low 49 · 0%
02

Trends

yearly · patched share
vulnerabilities by year 2 years
patched status 7,558 / 13,127
03

Hot zones

CWE classes · top plugins
top CWE classes top 20
CWE-79 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 4,771
CWE-862 · Missing Authorization 2,541
CWE-352 · Cross-Site Request Forgery (CSRF) 1,541
CWE-98 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 981
CWE-89 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 748
CWE-502 · Deserialization of Untrusted Data 409
CWE-200 · Exposure of Sensitive Information to an Unauthorized Actor 360
CWE-434 · Unrestricted Upload of File with Dangerous Type 292
CWE-22 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 273
CWE-639 · Authorization Bypass Through User-Controlled Key 220
top vulnerable plugins by vuln count
Royal Addons for Elementor – Addons and Templates Kit for Elementor
royal-elementor-addons · 600,000 installs
3 high 25
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
user-registration · 60,000 installs
3 crit 2 high 24
LatePoint – Calendar Booking Plugin for Appointments and Events
latepoint · 100,000 installs
1 crit 8 high 23
Tutor LMS – eLearning and online course solution
tutor · 100,000 installs
3 high 23
ProfileGrid – User Profiles, Groups and Communities
profilegrid-user-profiles-groups-and-communities · 6,000 installs
3 high 21
Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe
contest-gallery · 1,000 installs
5 high 19
Download Manager
download-manager · 100,000 installs
2 high 17
LearnPress – WordPress LMS Plugin for Create and Sell Online Courses
learnpress · 70,000 installs
1 crit 16
Travel Booking WordPress Theme
traveler · 0 installs
2 crit 4 high 16
wpForo Forum
wpforo · 20,000 installs
9 high 16
Forminator Forms – Contact Form, Payment Form & Custom Form Builder
forminator · 600,000 installs
3 high 15
GiveWP – Donation Plugin and Fundraising Platform
give · 100,000 installs
2 crit 1 high 15
JetEngine
jet-engine · 0 installs
7 high 15
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
simply-schedule-appointments · 60,000 installs
6 high 15
SureForms – Contact Form, Payment Form & Other Custom Form Builder
sureforms · 500,000 installs
5 high 15
04

Top 10 plugins · chart

vulnerabilities · descending
top 10 by vuln count horizontal bars
05

Popular plugin alerts

10k+ installs · high impact
critical · popular10k+
618
69 affecting widely-used plugins
high · popular10k+
444
amber-zone risk · 10k+ install reach
browse popular
view advanced plugins →
filterable table · severity · CWE · install threshold