Unless a Wordpress site is hardened and continually updated, it will likely be hacked. Because of it's vast popularity, it will be under constant attack.

Even though the core code is considered to be secure, the add-ons are frequently breached. Once breached, a clever hacker can take over the entire server. So do your research and be careful.

In a typical week, 30-40 individual wordpress plugins and themes saw at least one vulnerability surface. https://solidwp.com/blog/the-2022-wordpress-vulnerability-annual-report/