RiskSense experts did a great job and studied all vulnerabilities disclosed between 2010 and 2019. As it turned out, in 55% of cases, the bugs attackers exploited in real attacks were in WordPress and Apache Struts.
The Drupal CMS is the third most popular among hackers, followed by Ruby on Rails and Laravel. As for programming languages, vulnerabilities in PHP and Java applications were the most attacked.
In addition, RiskSense researchers studied the types of exploitable vulnerabilities. It turned out that although cross-site scripting (XSS) errors were the most common security errors found in the 2010s, they were not the most exploited. That distinction belongs to various injection-related bugs, which attackers can abuse to inject and run their own commands in the context of the victim's application or OS.
“Vulnerabilities associated with injection of SQL, code and various commands were quite rare, but at the same time they had one of the highest exploitation rates – often more than 50%,” the specialists summarize.