As other commentards have pointed out, the Achilles heal of Wordpress is the poor quality of some of its plugins, and they should be avoided like the plague. Non-free plugins in particular are a no-no because often there is no patch available.
A lot of people mistake Wordpress for a content management system. It isn't - it's a blogging platform. If all you want to do is blog, then it's mostly OK, provided you update regularly.
If on the other hand you want a full featured CMS, take a look at https://www.concrete5.org. Last time I checked on cve.mitre.org there were barely a handful of issues listed, compared with hundreds if not thousands for Wordpress, Drupal and Joomla.