WordPress has been plagued by security issues. The problem has been getting worse as an increasing number of updates patch medium- to critical-level exploits, while administrators get patchy on updates because of template and plugin API breaks, even between minor versions.
This API inconsistency usually results in developers delaying or skipping some updates while they implement fixes for components that may break. As a result, there is a variety of insecure WordPress installations in the wild, providing a large pool of exploitable sites.
The solution for risk mitigation? Vigilantly keep your CMS up to date, applying each security patch within the first 12 hours. If your applications break between updates, making this an unrealistic task, then consider switching to a CMS/framework that works better for your project.
Read More: Attacks on WordPress Sites Intensify as Hackers Deface Over 1.5 Million Pages