Most websites are based on a content management system (e.g. WordPress, Joomla!, Drupal ...). If there is a security hole in one of these systems, the danger of mass attacks, which exploit exactly this hole, exists. Thus all websites are vulnerable.
In addition, a variety of special attacks with religious, political or ideological motivations are targeting special interest group websites.
Other risks that may result in a successful hack are: Outdated software or plugins, stolen passwords, insecure configuration or the use of an already infected computers.