A recent WordPress security study has indicated that outdated plugins and themes account for 63% of WordPress vulnerabilities.
Outdated versions of WordPress are extremely vulnerable to attack, as also are any plugins and themes that have not been updated to the latest version. If you have failed to keep WordPress along with all of its plugins and themes updated, then you are inviting trouble.
Do not think that all you need to do is keep the WordPress core updated. This most certainly is not the case. You should update all themes and plugins immediately an update is released. Also do delete any plugins that are not in use. Repeat – delete them! It is not enough simply to deactivate them – they should be removed from your site entirely. But before doing any of this, do follow the golden rule of taking a backup first. This way, you can revert to the previous status quo if necessary.