“At the same time, bugs in JavaScript and Python turned out to be the least popular, although this may change in the coming years, since both languages are now very popular, and their adoption is growing rapidly,” RiskSense experts say.
In particular, users and information security companies are advised to keep an eye on Node.js and Django, the two most popular frameworks for the JavaScript and Python ecosystems. Significantly more vulnerabilities were found in Node.js than in other JavaScript frameworks (56 vulnerabilities), although so far only one has been actively exploited.
Similarly, 66 vulnerabilities were discovered in Django, but only one was exploited. RiskSense researchers expect that hackers will soon turn their eyes to these rising stars of the programming world and at the same time explore the possibility of exploiting old bugs.
The report also notes that Perl and Ruby, which were extremely popular in the early 2010s, are attacked less and less, as programmers switched to JavaScript and Python at the end of the decade. Moreover, as we said, Python overtook JavaScript in popularity among developers.
In addition, RiskSense researchers examined the types of exploited vulnerabilities. It turned out that although cross-site scripting (XSS) flaws were the most common security bugs discovered in the 2010s, they were not the most exploited.
That title now goes to various injection-related bugs, which can be abused to deploy and run an attacker's own commands in the context of the victim’s application or OS.
“Vulnerabilities associated with SQL injections, code, and various commands were quite rare, but at the same time they had one of the highest exploitation rates, often more than 50%,” the experts conclude.
We previously covered SQL injection vulnerabilities, for example in the Duplicate Page plugin for WordPress, which is just one part of the statistics on which the RiskSense study is based.