CVE disclosures reached a record 48,185 in 2025, marking a 20.6% increase from 2024. The surge is primarily driven by vulnerabilities in WordPress plugins, with Patchstack and Wordfence accounting for over 10,000 CVEs. Despite the volume increase, average severity scores remained stable at 6.60 CVSS. Security teams face growing challenges in prioritization, with experts recommending focus on exploitability and automation. Forecasts suggest CVE volume could reach 55,000 in 2026, raising concerns about the scalability of traditional vulnerability management approaches.
Table of contents
2025 Showed the Impact of the “WordPress Effect” #Severity Scores Plateau as CVE Volume Accelerates #Sort: