WordPress being an open source script has its code publicly available. It means anyone willing to contribute can build on top of others’ work. This is how WordPress software gets developed. The WordPress security team cannot always be on top of security vulnerabilities because it is difficult to address something which is not even discovered yet.
Get fresh WordPress Content delivered in your inbox with warpspeed!