This is an older article, but still relevant as I am hearing some sites are still being compromised by hack exploits. WordPress is pretty stable, but as you can see adding 3rd party plug-ins can make it vulnerable to attacks. It also good to keep the sites and plug-ins up-to-date, and always check third party plug-ins before using them. So, if you run a Word Press site with these third party plug-ins listed below, you will want to check out this post below and double check your site.
Update WP Super Cache and W3TC Immediately – Remote Code Execution Vulnerability Disclosed
To be honest, the sites I had used some cache plug-ins, I deleted and removed the plugins. I didn’t trust it after seeing the results of sites being hi-jacked, and reading this article by Tony. Thanks to Tony Perez for posting on his blog at the above link. But as always, review and make your own judgement.