CVE disclosures reached a record 48,185 in 2025, marking a 20.6% increase from 2024. The surge is primarily driven by vulnerabilities in WordPress plugins, with Patchstack and Wordfence accounting for over 10,000 CVEs. Despite the volume increase, average severity scores remained stable at 6.60 CVSS. Security teams face growing
Table of contents
2025 Showed the Impact of the “WordPress Effect” #Severity Scores Plateau as CVE Volume Accelerates #Sort: