What weakens WordPress?

A big question around WordPress is why do the websites get compromised externally? The WordPress itself is very strong and safe; but what makes it weak?

It may be primarily the contributed plugins that are not upto the good security standards! It is likely that a plugin is weak, but popular and used over websites.

Always use trusted plugins only.

And if you are using weaker plugin, regulate the usage by your users.