You may wonder if WordPress is a secured platform for your website. It is indeed a secured platform if you follow the WordPress security best practices. It is a globally popular Content Management System with a dedicated IT support team working on security patches as and when the users raise any valid complaint. It is your responsibility to update WordPress to harden your website security. When using the third party plugins, themes, and other supporting applications, you must ensure if it is reliable or not.
WordPress Project team ensures to help you fix the bugs that affect the core, else asks you to uninstall the corrupted applications. This team takes the responsibility of reaching out to the developers who submit a theme or a plugin with security issues to WordPress and ensures they follow the best practices to avoid security vulnerabilities.
It is clear, as a WordPress user, you also have to shoulder the responsibility of wisely choosing the supporting applications and following the best practices.