diff --git a/tests/unit/WpscanReportCommentFormatResultTest.php b/tests/unit/WpscanReportCommentFormatResultTest.php index e45bec4fc..4ffd829c3 100644 --- a/tests/unit/WpscanReportCommentFormatResultTest.php +++ b/tests/unit/WpscanReportCommentFormatResultTest.php @@ -60,6 +60,9 @@ public function testReportResultPlugin(): void { array( 'id' => '0100100 ;', 'title' => 'Security problem in My Plugin < 1.9.0', + 'cvss' => array( + 'score' => '7.3', + ), ), ), ), @@ -171,6 +174,16 @@ public function testReportResultPlugin(): void { VIPGOCI_WPSCAN_BASE_URL . '/vulnerability/0100100%20%3B', $report_str ); + + $this->assertStringContainsString( + 'Severity', + $report_str + ); + + $this->assertStringContainsString( + '7.3/10 (HIGH)', + $report_str + ); } /** @@ -198,6 +211,9 @@ public function testReportResultTheme(): void { array( 'id' => '0100100', 'title' => 'Security problem in My Theme', + 'cvss' => array( + 'score' => '5.0', + ), ), ), ), @@ -309,6 +325,16 @@ public function testReportResultTheme(): void { VIPGOCI_WPSCAN_BASE_URL . '/vulnerability/0100100', $report_str ); + + $this->assertStringContainsString( + 'Severity', + $report_str + ); + + $this->assertStringContainsString( + '5.0/10 (MEDIUM)', + $report_str + ); } /** diff --git a/wpscan-reports.php b/wpscan-reports.php index 1f41721f2..fa473e942 100644 --- a/wpscan-reports.php +++ b/wpscan-reports.php @@ -237,6 +237,20 @@ function vipgoci_wpscan_report_comment_format_result( $res .= "\n\r"; foreach ( $issue['details']['vulnerabilities'] as $vuln_item ) { + if ( + ( ! isset( $vuln_item['id'] ) ) || + ( ! isset( $vuln_item['title'] ) ) + ) { + vipgoci_log( + 'Vulnerability detail item from WPScan API is invalid, missing fields', + array( + 'vuln_item' => $vuln_item, + ) + ); + + continue; + } + $res .= '### 🔒 Security information' . "\n"; // Header markup and lock sign. /* 
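Review bot: The new assertStringContainsString calls in testReportResultPlugin (hunk @@ -171) and testReportResultTheme (hunk @@ -309) only exercise the well-formed case, so the two guards this commit adds in wpscan-reports.php — the `is_numeric` check on `cvss.score` and the `continue` for a vulnerability item without `id`/`title` — are not covered by any test. A fixture entry such as `'cvss' => array( 'score' => 'unknown' )` paired with `$this->assertStringNotContainsString( 'Severity', $report_str );` would pin the first, and an entry lacking `title` together with an assertion that its id does not appear in the report would pin the second. Both fit naturally next to the existing fixtures added at hunks @@ -60 and @@ -198.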
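Review bot: The guard added at the top of the foreach only tests `isset`, so an `id` or `title` that is present but not a string (an array or object in a malformed API response) passes the check and reaches the string concatenation and URL building later in vipgoci_wpscan_report_comment_format_result, which continues outside the hunk. If the API contract is that both fields are strings, `( ! is_string( $vuln_item['id'] ?? null ) ) || ( ! is_string( $vuln_item['title'] ?? null ) )` keeps the same shape, still rejects a missing or null field, and also rejects the wrong type. Logging the full `$vuln_item` on the skip path is useful for diagnosis; stating in the message that the item was skipped would make its absence from the report easier to trace.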
@@ -257,13 +271,20 @@ function vipgoci_wpscan_report_comment_format_result( ) . "\n"; // May not be included, enterprise only feature. - if ( isset( $vuln_item['cvss']['score'] ) ) { - // Escape severity as float. - $res .= '**Severity**: ' . ( (float) $vuln_item['cvss']['score'] ) . '/10 ('; + if ( + ( isset( $vuln_item['cvss']['score'] ) ) && + ( is_numeric( $vuln_item['cvss']['score'] ) ) + ) { + // Output severity as float. + $res .= '**Severity**: '; + $res .= sprintf( '%.1f', (float) $vuln_item['cvss']['score'] ); + $res .= '/10 ('; // Escape output string. $res .= vipgoci_output_markdown_escape( - vipgoci_wpscan_report_format_cvss_score( $vuln_item['cvss']['score'] ) + vipgoci_wpscan_report_format_cvss_score( + (float) $vuln_item['cvss']['score'] + ) ); $res .= ')' . "\n";
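Review bot: `sprintf( '%.1f', ... )` in the new severity line is locale-aware, so under a locale whose LC_NUMERIC decimal separator is a comma the report would read `7,3/10` and the new '7.3/10 (HIGH)' assertion in the test would fail; the locale-independent form is `$res .= sprintf( '%.1F', (float) $vuln_item['cvss']['score'] );` (or number_format with an explicit '.' separator). The `is_numeric` guard also admits values outside the CVSS 0–10 range and forms such as '1e1', which would render as `10.0/10`; whether vipgoci_wpscan_report_format_cvss_score copes with out-of-range input is not visible here, so a range check before formatting may be worthwhile. The enclosing function starts before and continues after this hunk.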