That critique would be fair if I was talking about my one WordPress site but I'm talking about hundreds, maybe even a thousand if you count sites I've built that came and went. It's a pretty decent sample size (IMHO) both for the number of instances but also the time period (10+ years). And it's also not 300 clone sites, each one was built unique, and each has their own mix of plugins & themes.
Unless you manage every Wordpress site out there, you're biased.
YOU, are a technical person and understand the value of updates, vetting plugins, etc, yet a majority of these sites aren't run by people like you/me.
They are run by end users, with all of the baggage.
You have a point, to an extent. I wholly disagree with your stance on WP though.
It's got issues, numerous issues, and a majority of the sites aren't professionally managed.
You're worried about your fleet and that's great. I'm more concerned with the internet as a whole and Wordpress is just vuln after vuln.
I'm happy your systems are secure. That's great.
Unfortunately, that doesn't apply to the 1000s of installations done by amateurs, lax IT, etc. etc. that make the WP vulns a much bigger issue than the 300 you manage.
FTFY.
Quick, now tell us how secure Adobe products are.