Patchstack 2024: 1,614 plugins and themes removed from .org repo for unpatched security issues

reference·Scope: business·Status: current

Created 2026-05-22

Quote (Patchstack State of WordPress Security 2025):

"1,614 plugins and themes were removed from the WordPress repository for unpatched security issues" in 2024; "1,450 had High and Medium priority vulnerabilities" and "33% of vulnerabilities were not fixed in time for public disclosure."

Source: https://patchstack.com/whitepaper/state-of-wordpress-security-in-2025/

Confidence: Verified.

Operational implication: If a site depends on any plugin in the 1,614, the only "upgrade path" is removal. Patchstack's October 2024 cleanup event alone closed 977 plugins (~1.1% of the repo). Site lifespan is bounded by the maintenance posture of the longest-tail plugin in the stack.

reference Patchstack 2024: 4,166 new vulnerabilities, 96% in plugins, 4% in themes, only 7 in core

Patchstack 2024: 1,614 plugins and themes removed from .org repo for unpatched security issues

Related

Referenced by (2)