Third party plugins make an up-to-date WP install insecure. I think Core WordPress is probably more battle tested than any other framework. One could argue the core should protect against bad plugins, but a secure plugin API would mean a non-functional API.
7 comments
[ 3.5 ms ] story [ 20.2 ms ] thread