There is a bunch of vulnerabilities that some still is and some was useful that you can or could use on the website but I haven't seen any that can actually gain admin rights on the server, the ssh port 22 is open but what are the odds of cracking in there unless you know the username of the ssh server that is a valid admin/root user. There should be ways and if there isn't yet then there will eventually be, but those methods will just be countered with security patches and stuff like that.