When doing a Penetration testing exercise against Web applications, you will always come across to up-to-date WordPress instances. No public CVEs and no publicly known exploits for WordPress Core and WordPress Plugins. And yet, is the website really secure?
Security Café 