Wordpress design flaw can lead to privilege escalation in its plugins:
Additionally, there was another vulnerability with CVE identifier found in October.
If you only publish blog articles and don't need WP features, use static site generators like Hugo:
Unfortunately, some bloggers still tell their users that their WP-based blog is secure while putting their users unnecessarily at risk.
mastodon.at is a microblogging site that federates with most instances on the Fediverse.