As a general rule, the fewer plugins you have on WordPress, the more secure it will be, as WordPress itself is very secure. I look up CVEs daily (Computer Vulnerability Exploits) and make sure my systems are patched at work.
With that said, check out a free application called WPScan. It's a fantastic utility scanner aimed at WordPress websites and is built into Kali Linux out of the box. I use it when I'm doing web server assessments to see what I can find. If you're self-hosting, I'd also suggest running nikto; it's a very popular web scanner. Another tool I'd look into using is called Greenbone, though it's since rebranded to gvmd. It's an automated utility scanning suite that can scan your own webhost (assuming you're hosting the server yourself) and take a peek at stuff and even point out CVEs on the server itself, which can be just as vulnerable.
If you're concerned about WordPress security, as I said above, WP core is pretty secure, but it doesn't hurt to have things like Cloudflare, proper SSL certs and a good CSP setup. I personally suggest w3 cache!