Gosman76, es que las vulnerabilidades encontradas a wordpress son más dependientes del código, aquí tienes las vulnerabilidades más recientes reportadas:
29.10.2007 : WordPress "posts_columns" Parameter Cross Site Scripting Vulnerability
http://www.frsirt.com/english/advisories/2007/3640
--------------------------------------------------------------------------
13.09.2007 : Wordpress Multiple Parameter Cross Site Scripting and SQL Injection Issues
http://www.frsirt.com/english/advisories/2007/3132
--------------------------------------------------------------------------
31.08.2007 : Fedora Security Update Fixes WordPress Cross Site Scripting Vulnerability
http://www.frsirt.com/english/advisories/2007/3016
--------------------------------------------------------------------------
01.08.2007 : WordPress "style" Parameter Processing Cross Site Scripting Vulnerability
http://www.frsirt.com/english/advisories/2007/2744
--------------------------------------------------------------------------
26.06.2007 : WordPress Security Update Fixes Code Execution and SQL Injection Vulnerabilities
http://www.frsirt.com/english/advisories/2007/2332
--------------------------------------------------------------------------
11.06.2007 : Security Update Fixes WordPress XML-RPC SQL Injection Vulnerability
http://www.frsirt.com/english/advisories/2007/2114
---------------------------------------------------------------------------
07.06.2007 : WordPress XML-RPC Interface "wp_suggestCategories()" SQL Injection Vulnerability
http://www.frsirt.com/english/advisories/2007/2099
---------------------------------------------------------------------------
21.05.2007 : WordPress "cookie" Parameter Handling Remote SQL Query Injection Vulnerability
http://www.frsirt.com/english/advisories/2007/1889