These are all very good points, coming from someone in a agency/consulting shop. Big things I find are being able to communicate effectively with non-technical folks, budget accurately, and knowing when to ask for help vs. hammering something out.
Eh, it wasn't WordPress per se, but a plugin. This plugin's vulnerability was also posted YEARS ago. So I wouldn't blame WP (in this case).
As a dev, I've come across plenty of out of date CMS/ modules/ plugins that had huge security holes in them. It's part of the 'build and forget' mentality that seems to be widespread these days.
You're able to make better mental connections and decisions when you're well rested, ultimately leading to growth as a developer.