55% of Discovered Weaponized Bugs Target WordPress and Apache Struts

Share Article

Over the last 10 years, more than half of all the security bugs that were weaponized were for two application frameworks – Apache Struts and WordPress.

Sponsored



Sponsored

A recent study focused on analyzing all the vulnerabilities disclosed over the past decade resulted in quite an interesting discovery. [RiskSense] According to analysts, around 55% of all security vulnerabilities that have been discovered, weaponized, and exploited during this period were for only two major application frameworks – Apache Struts and WordPress.

The company conducting the study is risk analysis firm RiskSense. Its report also found that the Drupal content management system ranked as third on the list, with Ruby on Rails and Laravel following closely.

Other concerning findings

When it comes to programming languages, the most vulnerabilities that were weaponized during the same period were found in PHP and Java apps.

The least weaponized bugs were found in Python and JavaScript, although the company estimates that this might change over the coming several years, as the languages are becoming increasingly popular.

They also noted that developers and users alike should keep a close eye on Node.js and Django, which are the two most commonly used application frameworks for JavaScript and Python ecosystems. Nofe.js was discovered to have around 56 vulnerabilities, which is higher than any other framework for JavaScript, while Django has 66, which is the highest for Python, although only one of them was weaponized per framework thus far.

However, while the weaponization itself still remains low, the number of vulnerabilities is quite high, which makes them both potentially dangerous. And it is only a matter of time before hackers start focusing more on them.

On the other hand, Perl and Ruby programming languages started seeing fewer and fewer weaponized vulnerabilities over the decade, as their popularity faded.

Researchers also paid attention to the vulnerability types, noting that cross-site scripting (XSS) bugs were the most common in the early 2010s but were not the most weaponized ones. The ones that were the most weaponized include injection-based flaws, which could allow hackers to inject their own commands into the systems.

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Sponsored
Share Article

Ali is a freelance journalist, having 7 years of experience in web journalism and marketing. He contributes to various online publications. Ali holds a master degree in finance and enjoys writing about cryptocurrencies and fintech. Ali's work has been published on a number of well-known publications in crypto and cybersecurity niches. When he is not working, he loves traveling and playing games.

Follow Author

Crypto predictions with the Best Telegram Signal with +70% accuracy!

Join now

Free Cloud Mining Providers to Mine Bitcoin in 2021

Go

How To Mine Cryptocurrency: Beginner’s Guide

Let's Go