WordPress and Apache Struts weaponized vulnerabilities on the rise
Among the report's key findings, total framework vulnerabilities in 2019 went down but the weaponization rate went up, WordPress and Apache Struts had the most weaponized vulnerabilities, and input validation surpassed cross-site scripting as the most weaponized weakness in the frameworks examined.
"Even if best application development practices are used, framework vulnerabilities can expose organizations to security breaches. Meanwhile, upgrading frameworks can be risky because changes can affect the behavior, appearance, or inherent security of applications," said Srinivas Mukkamala, CEO of RiskSense.
WordPress faced a wide variety of issues, but XSS was the most common problem, while input validation was the biggest risk for the Apache Struts framework.
While the overall number of framework vulnerabilities was down in 2019 compared to previous years, the weaponization rate jumped to 8.6%, which is more than double the National Vulnerability Database average of 3.9% for the same period.
Input validation has emerged as the top security risk for frameworks, accounting for 24% of all weaponized vulnerabilities over the past 5 years, mostly affecting Apache Struts, WordPress, and Drupal.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/kBB_xgOQuoI/