This is an older article, but still relevant as I am hearing some sites are still being compromised by hack exploits. WordPress is pretty stable, but as you can see adding 3rd party plug-ins can make it vulnerable to attacks. It also good to keep the sites and plug-ins up-to-date, and always check third party plug-ins before using them. So, if you run a Word Press site with these third party plug-ins listed below, you will want to check out this post below and double check your site.
Update WP Super Cache and W3TC Immediately – Remote Code Execution Vulnerability Disclosed
To be honest, the sites I had used some cache plug-ins, I deleted and removed the plugins. I didn’t trust it after seeing the results of sites being hi-jacked, and reading this article by Tony. Thanks to Tony Perez for posting on his blog at the above link. But as always, review and make your own judgement.
William's Grab Bag 