Skip to main content
WP HealthKit
Ecosystem Report

WordPress Ecosystem Health Report

Aggregate security and code quality statistics across all publicly audited WordPress plugins and themes.

Last updated: Jul 05, 2026, 05:44 PM

Plugins Audited
995
Themes Audited
0
Avg Standards Score
100/100
Known CVEs Found
0
Total Audits
1000
Avg Findings / Audit
47.9
Secrets Detected
489
Total Plugins + Themes
995

Risk Distribution

How audited plugins and themes are distributed across risk levels.

Critical36(3.6%)
High725(72.5%)
Medium238(23.8%)
Low1(0.1%)

Top Vulnerability Categories

Most common finding categories across all public audits.

1
PHP Compatibility175546
2
Internationalization42919
3
Plugin Conflicts41704
4
Performance26837
5
Type Safety25151
6
hook-wiring14480
7
WordPress Compatibility12671
8
database3685
9
WooCommerce Compatibility3373
10
Accessibility1888

PHP Compatibility Landscape

Highest PHP version required across audited plugins.

PHP 5.6
542
plugins
PHP 8.0
1395
plugins
PHP 8.1
186
plugins
PHP 8.2
35
plugins
PHP 8.4
8
plugins

Hardcoded Secrets Detected

489 plugins shipped with hardcoded API keys, tokens, or credentials in their source code.

Weekly Trends

Audit activity and quality trends over the last 12 weeks.

Audits per weekAvg standards score
W26W2753301000
WeekAuditsAvg RiskAvg ScoreTrend
2026-W264672.80
2026-W275332.8100

Audit your plugin and join the leaderboard

Get a comprehensive security, quality, and accessibility audit for your WordPress plugin or theme. Results appear on the public directory and leaderboard.

Start Free Audit