The number of vulnerabilities in major web-application frameworks has declined since peaking most recently in 2016. But attackers have remained focused on exploiting weaknesses in the software platforms. The data suggests that companies should take stock of their web application frameworks from the standpoint of security. WordPress, Apache Struts, and Drupal, along with their parent languages PHP and Java, continue to have the highest rates of weaponization. Python-based and JavaScript-based frameworks seem to have the fewest vulnerabilities and the fewest weaponized vulnerabilities.