WordPress' update cycle is reaching the speed of Windows XP. Even Google is sending out warnings, urging site owners to update. For me they were not accurate, but there are still many vulnerable sites out there.
One could – for example – use Nerdydata to search the internet’s source code for vulnerable WP versions. A simple search across their “Popular sites” dataset reveals close to 300 matches.
Using the same trick, you could also identify vulnerable WP installs you are managing. Here a GIST to a short Python script.