One of our clients WP site was hacked a couple of days ago. Everything was up to date. They got in through a very popular plugin.

Based on our data, the three CMS platforms most being affected are WordPress, Joomla! and Magento. This does not imply these platforms are more or less secure than others.

Last time I looked, those just happen to be the three most popular CMS platforms, so doesn't it simply imply that it's the CMS concept itself that leads to vulnerabilities?

:: detour to article ::

This user adoption however brings about serious challenges to the internet as a whole as it introduces a large influx of unskilled webmasters

What he said.

>>three most popular CMS platforms

Exactly. I sometimes see people take the number of vulnerabilities, including zero-day, as a measure of how insecure a system is. I have to ask them, "Do you know of a speed trap near your home where the cops like to hang out?"

"Yes"

"Do they catch a lot speeders there?"

"Yes"

"Is that because those people speed only there, but otherwise observe the speed limit?"

three most popular CMS platforms

I think Drupal is ahead of Magento. Wordpress seems to be over-represented compared to market share, also.

When webmastering is reduced to plug and play functionality for Tom, Dick, and Harry that then becomes the weak link.

ALL websites are at risk. Given.

ALL CMS style websites are more prone to risk. Given.

Human nature (the only thing more common than hydrogen in the universe is human stupidity) being what it is: "path of least insistence (sic)" there's no doubt that unskilled webmasters will be more vulnerable due to reliance on third parties (plugins) for performance and functionality they have no clue on how to code.

Wordpress seems to be over-represented compared to market share, also.

It does, but remember that this is based on cases actually brought to Sucuri who markets the Wordpress community heavily which is also a community with a lot of unskilled webmasters who have to hire out even simple cleanups.