Ecosystem Report
WordPress Ecosystem Health Report
Aggregate security and code quality statistics across all publicly audited WordPress plugins and themes.
Last updated: Jul 05, 2026, 05:44 PM
Plugins Audited
995
Themes Audited
0
Avg Standards Score
100/100
Known CVEs Found
0
Total Audits
1000
Avg Findings / Audit
47.9
Secrets Detected
489
Total Plugins + Themes
995
Risk Distribution
How audited plugins and themes are distributed across risk levels.
Critical36(3.6%)
High725(72.5%)
Medium238(23.8%)
Low1(0.1%)
Top Vulnerability Categories
Most common finding categories across all public audits.
1
PHP Compatibility175546
2
Internationalization42919
3
Plugin Conflicts41704
4
Performance26837
5
Type Safety25151
6
hook-wiring14480
7
WordPress Compatibility12671
8
database3685
9
WooCommerce Compatibility3373
10
Accessibility1888
PHP Compatibility Landscape
Highest PHP version required across audited plugins.
PHP 5.6
542
plugins
PHP 8.0
1395
plugins
PHP 8.1
186
plugins
PHP 8.2
35
plugins
PHP 8.4
8
plugins
Hardcoded Secrets Detected
489 plugins shipped with hardcoded API keys, tokens, or credentials in their source code.
Weekly Trends
Audit activity and quality trends over the last 12 weeks.
Audits per weekAvg standards score
| Week | Audits | Avg Risk | Avg Score | Trend |
|---|---|---|---|---|
| 2026-W26 | 467 | 2.8 | 0 | |
| 2026-W27 | 533 | 2.8 | 100 |
Audit your plugin and join the leaderboard
Get a comprehensive security, quality, and accessibility audit for your WordPress plugin or theme. Results appear on the public directory and leaderboard.
Start Free Audit