Originally Posted by 24x7server
Yea, unfortunately, that's the truth. :/
While investigating our client's issue, we have seen so many abandoned plugins that are currently available for installation from the WordPress plugin repository that appear to have vulnerabilities that have not been fixed. The interesting fact is those plugins have not been modified for 2 years or more and some of them have thousands of active installs. LOL
This is an indirect result of Gutenberg IMO. Theme developers and plugin developers who helped make this platform what it is are stopping looking for alternatives as Gutenberg is set to replace a lot of what can be done via outside resources. Some are fighting it and some are trying to integrate with it.
Also, as you have mentioned, people install plugins for almost every reason because most people on WordPress don't even know how to optimise an image without a plugin, let alone any other programming or website building functions.
Of course, as we know, PHP is a patchy language that is constantly getting checked and updated for issues. If you aren't updating, you will have vulnerabilities. It's not WordPress, it's not PHP, I've seen very secure WordPress sites and very secure payment gateways written in PHP...
It's the people who use the plugins and don't know what they're really doing that is the real problem. With Gutenberg, it will only get worse.