WordPress and Apache Struts weaponized vulnerabilities on the rise
2020-03-17 05:30

Among the report's key findings: total framework vulnerabilities in 2019 went down but the weaponization rate went up; WordPress and Apache Struts had the most weaponized vulnerabilities; and input validation surpassed cross-site scripting as the most weaponized weakness in the frameworks examined.

"Even if best application development practices are used, framework vulnerabilities can expose organizations to security breaches. Meanwhile, upgrading frameworks can be risky because changes can affect the behavior, appearance, or inherent security of applications," said Srinivas Mukkamala, CEO of RiskSense.

WordPress faced a wide variety of issues, but XSS was the most common problem, while input validation was the biggest risk for the Apache Struts framework.

While the overall number of framework vulnerabilities was down in 2019 compared to previous years, the weaponization rate jumped to 8.6%, which is more than double the National Vulnerability Database average of 3.9% for the same period.

Input validation has emerged as the top security risk for frameworks, accounting for 24% of all weaponized vulnerabilities over the past 5 years, mostly affecting Apache Struts, WordPress, and Drupal.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/kBB_xgOQuoI/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 295 61 854 634 290 1839
Wordpress 49 36 409 104 29 578