It depends as you have different attack vectors.
If you're running a release you're most likely more vulnerable as very little gets backported (primarily packages) in general and many are quite honestly quite dated. As long as you don't expose services to unknown clients you'll most likely be fine from a realistic point of view as very few (if any) will have interest in hacking your network as far as file sharing daemons goes etc. The kernel, wifi related software, firewall is however what's exposed and even though WPA2 might not be the safest wireless protocol around it's a good as it gets when it comes to wirelss devices, cable will be by far more "secure" in that regard but you usually want wireless access in 2020 for at least some devices. You can in theory use VPN on top of your wifi network but that quite inconvenient for casual use. Regarding kernel and firewall goes you should be fine in most case, if anything you're most likely encounter some kind of DDOS attack before someone gains root access to your device and are able to access your network. Don't forget that DNS can also be used for various attacks.
What OpenWrt falls short (compared to a "full distro" but again, it's due to what kind of devices OpenWrt targets) is that there's no way to easily upgrade/maintain a device if your device is vulnerable. It will in the majority of cases involve flashing the firmware, reinstalling packages and/or compiling your own firmware which in turn requires a lot more time and user interaction than just running
<command> update and reboot. What might be even more annoying is that breaking changes are rarely documented so you might end up with a non booting device in some cirsumstances if you keep your settings.
Your device running OpenWrt will "be fine" if you install latest release and/or trunk with the latest package tree available however you will most likely need to spend more time keeping it up to date than a "full distro" and here's where many (including myself) falls into "as long as it works I don't touch it" reasoning due to upgrade path. Unless it's a major security flaw you're most likely going to be fine in the end despite some vuln but there's always a possibility.
To be clear, it's not like Debian, Alpine, FreeBSD, OpenBSD and so on will ever have breaking changes etc but they're usually well documented and if you need to upgrade they require much less time to do so. It's also usually much easier to get whatever software you want running due to larger package repos or the simple fact that you can compile directly on the device without too much hassle.
Keep in mind that "not current" doesn't necessarily mean security vulnerability but it might of some concern depending on what kind of software it is.