A report by Patchstack WordPress security company has revealed that WordPress sites are being targeted at a faster rate due to faster exploitation of vulnerabilities. The report suggests that hackers are exploiting vulnerabilities before many sites can patch them. The delay between discovery and patching is causing site owners to become more vulnerable. The volume of disclosed vulnerabilities rose sharply in 2025, with most being found in plugins rather than WordPress core. This increase largely came from premium components on marketplaces like Envato, highlighting a security visibility issue as these components are not readily available to security researchers. The study also identified an expanding application layer that includes custom-coded and third-party software libraries or packages (like JavaScript or PHP components). The findings suggest that high percentage of vulnerabilities found in premium components were exploitable in real-world attacks.