Skip to content
← All frameworks
44

WordPress

legacy php · cms · since 2003
caution ↑ 1.2 pts vs last month Updated June 2026

WordPress scores 45/100. Consider migrating to: astro, nextjs, hugo.

Recommended alternatives: astro, nextjs, hugo

Dimension breakdown
Security
22
Performance
65
Ecosystem
55
Ai Readiness
35
Developer Experience
50
Market Trajectory
75
Cost Of Ownership
35
Security

11334 total CVEs on record. 387 critical severity. 23 actively exploited (CISA KEV).

Total Cves 11,334
Critical Cves 387
Exploited Cves 23
Avg Cvss 6.1
Cves Last Year 4,200
Performance

Average performance. Room for optimization.

Ecosystem

19,500 GitHub stars. 450 contributors. 8 releases in the last year.

Stars 19,500
Contributors 450
Releases Last Year 8
Avg Issue Close Days 45
Ai Readiness

Poor AI-readiness. Built for human-browser consumption. Bloated HTML output, plugin-injected content, weak or bolted-on API support.

Structured Output 35
Api First 0.0
Headless Capable 0.0
Developer Experience

Adequate developer experience. Established patterns but some friction.

Market Trajectory
Score 75
Market Share Pct 43.0
Cost Of Ownership

High cost. Significant hosting, maintenance, and security patching burden.

Actively exploited vulnerabilities
Updated 2026-07-13
4 entries

4 confirmed vulnerabilities being actively exploited in real attacks right now. Source: CISA Known Exploited Vulnerabilities.

98% probability of exploitation within 30 days EPSS score · FIRST.org

Latest entry: 2026-04-30
WordPress scores 45/100 overall. Strongest dimension: market trajectory (75). Weakest: security (22).