Security News > 2020 > March > WordPress, Apache Struts Attract the Most Bug Exploits
WordPress and Apache Struts vulnerabilities were the most-targeted by cybercriminals in web and application frameworks in 2019 - while input-validation bugs edged out cross-site scripting as the most-weaponized weakness type.
The firm found that WordPress and Apache Struts alone accounted for a combined 57 percent of exploited framework bugs during the year.
Their prevalence in WordPress aside, XSS bug flaws overall have fallen in volume in recent years: XSS was the most common vulnerability over the 10-year study period, but it dropped to fifth when analyzed for just the last five years.
Input validation accounted for 24 percent of all weaponized vulnerabilities over the past five years, mostly affecting Apache Struts, WordPress and Drupal.
Apache Struts had the third most-weaponized vulnerabilities and had one of the highest overall weaponization rates across all frameworks, the report found; and, 38.6 percent of all Struts vulnerabilities were weaponized.
News URL
Related news
- Critical security hole in Apache Struts under exploit (source)
- New critical Apache Struts flaw exploited to find vulnerable servers (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits (source)