Patchstack released a mid-year vulnerability report. There is some self-congratulation of their success as Patchstack now reports far more CVE’s than others in the WordPress space, but also now they apparently file more security issues than Microsoft. An interesting insight is that more than half of the vulnerabilities reported so far this year can be exploited without needing to hack credentials or have site access.

2025 Mid-Year Vulnerability Report
Oliver Side @ patchstack.com • 16 hours ago