Vulnerabilities in popular content management system (CMS) WordPress are growing at a rapid rate, up 30 percent in 2018, according to new web application bug research. The most common of these vulnerabilities are related to injection, such as SQL injection, command injection and object injection. More than half of these web app vulnerabilities have a public exploit available to hackers, and a third of web application vulnerabilities don t even have any available solution, including a workaround or patch. WordPress is used by 59 percent of all websites using a known CMS system.
Source: https://threatpost.com/threatlist-wordpress-vulnerabilities/140690/