The most widely used and beginner-friendly CMS. Open source, runs on PHP.
Pro Optional free hosting
WordPress offers free hosting under a wordpress.com subdomain. This option eliminates the need for setting up the CMS yourself and is reasonably secure, as WP uses multiple servers to back your site up. Additionally, for a fee, you can even set up your own custom domain name.
Con Too many amateurish, insecure, outdated, unmaintained, incomplete or useless plugins
True, there may be some plugin for every functionality you require. However if you take a more detailed look at those plugins they are either outdated, made by some hobby programmer (i.e. no in-depth testing, no security audits, no code reviews, hacky, unmaintainable) in their spare time (and don't get me wrong: I adore everyone giving something to the community; but many of these plugins are just unusable for serious business), incomplete (regarding multi-language capability, an author of a famous Wordpress form builder plugin responded something like: "Well, maybe sometime"; seriously, man?), insecure (e.g. recently there was a serious flaw as a buggy plugin is used by many themes) or often need much hacking to finally get the correct functionality that YOU need currently.
Con Restrictive templating makes it hard to do original layouts
The templating system is highly restrictive. All your body content for a page (technically a post) comes out from one variable, and is spat directly onto the page. If you want to pull that content out into chunks? Tough shit. You have to use plugins to make it work correctly.
Wordpress by default allows commenting on pages, any page. Even if you turn commenting off for a page bots can still access the commenting endpoint; even if you use a 3rd party commenting system such as Disqus. Wordpress comes with an anti-spam filter called Askimet which does a pretty good job but not perfect.
Con Saves data serialized
Wordpress itself and many of the available plugins save most of their data using the serialize-function from PHP. This means that you will need some coding using the API to extract the data that you want, instead of just running some easy SQL-query. Also depending on your PHP version / database environment the serialization of the data can be different, i.e. no easy deployment of data as e.g. string length for multi-byte characters will be different, breaking the data structure.
Flagged Pros + Cons
Partly because it is one of the most popular CMSs there are people actively finding security holes. Even though these holes are plugged by Wordpress regularly if you do not update your system regularly you may end up being hacked. There is also no easy way to rename access to the admin area so you will get bots trying to hack your site regularly.