Our themes and plugins are unlikely to be containing any security issues.
Since 2013 we have 0 known incidents of security issues in any of our themes or plugins.
Plugins from the official WordPress repository are not guaranteed to be secure.
We receive questions about hacked websites extremely rarely (and often it's not a security breach but expired certificate or a similar issue).
If you suspect that your website might have been infected with some malicious code the first step to investigate the issue would be to install and use Exploit Scanner which was created by the WordPress team.
We encourage you to report any such incidents on our support forum.