For example, there is a script to enlarge photos in the middle of the page, by clicking on them. Commonly used at the beginning of the decade, a flaw involving this script infected millions of websites. Many security sites have reported the flaw and subsequently released a patch to manually patch the relevant themes. It is rare to have to update a theme, but sometimes the danger is critical and people can either modify it on their own or apply the update set by the theme’s developer. Professional maintenance services can easily handle this issue. However, people should be careful to update their themes without losing the customizations made to the site’s graphics.
If your WordPress installation allows a user to publish content, many features of their site are included in what are called “extensions”. These are plugins that are added to the site to fulfill a specific function (generate contact forms, propose an online store, add share buttons, etc.). Some of its extensions are even dedicated to security (antivirus, firewall, tool hiding some information from WordPress…) and are not visible on the website. These extensions are designed and maintained by independent, amateur or professional developers (companies that offer free and paid extensions). These can be updated at any time and can relate to security issues as well as extensions.
When the new version of an extension is available, users receive a notification. Probably the most sensitive part of a website, extensions must be compatible with that website’s version of WordPress. Some extensions are abandoned or are not updated quickly enough and lose their compatibility with the site’s WordPress installation. The extension then causes malfunctions on a site may no longer display said extension at all!