For starters, it's good to remember that WordPress was designed to be a blogging platform. It's a very flexible CMS, I agree, but if you want to extend its functionality beyond the basics, you will have to add at least 5 to 10 plug-ins to it.
That doesn't sound too bad, until you realize that each plug-in slows down your website. Not only that, but many plug-ins aren't updated, causing errors and sometimes even leaving your website unprotected against brute-force attacks.
It's true that both WordPress and most of its plug-ins are constantly updated, though. But this isn't always a good thing, because it makes you waste quite a bit of time constantly checking if a new update is on its way. Sure, I like the fact that these updates harden the security of your website, but it would've been much better if these security problems weren't so frequent with WordPress.