Wordpress. The only backdoor with a plugin system and CMS included.

I have to clean ANOTHER. Hacked WordPress site. One wrong decision and you have to support it for the life time :'(

Well, old pages using old WordPress versions, yes.

And old out of date plugins/themes

<sarcasm> Wait, wait, what's wrong with Wordpress? Why do people hate it so much?!? </sarcasm>

Wordpress is stupid! I had a conflict with plugins. I search for a solution in google and I was to downgrade one of them. Next week thesite was hacked. FUCK!

What they expect? To become a fucking wordpress crappy plugins expert? No, sir I rage migrate the site to my own static site generator engine.

Problem solved. Fuck wordpress.

the same goes for Joomla 😂

@edwrodrig still sounds like you problem was a plugin and not WordPress...

To be honest, I have no idea how much crappiness has to be in a plugin to make it exploitable. Using string concatenation for sql queries? Not checking any input? Not using API to do stuff? How many rules have to be broken to allow remote code execution? How much ruthless you have to be to allow uploading files to the server and let everyone run them?

Come on, I get that base framework might be exploitable, but if you stick to proper policies your code should be safe. Why python or ruby or node sites aren't surrendering so often? Not because language is better. Because devs using them follow the guidelines.
It seems that coding skills are not required when coding wordpress plugins. StackOverflow and Google are enough. :-\

@Treighton My fault. Wordpress ecosystem is stupid!

@edwrodrig fair enough.