Joomla! vs WordPress Security Updates in 2011 (The number game)

This article gives detailed statistics on Joomla! and WordPress security updates in 2011. Both CMSs went through a re-design and re-modeling process in 2011. Joomla! was in the process of developing 1.7/2.5, which was released in January 2012, and WordPress released 3.3.x, with development having started from 3.0.x.

The following chart represents the total number of security issues reported and fixed in 2011.

Joomla! vs WordPress Security Updates in 2011

Security Updates
Joomla! (v.1.6/v.1.7): 34
WordPress: 13

Notice:
– The Joomla! number was calculated for versions 1.6.x and 1.7.x. The other assumption made in the calculation was that all security issues recorded were reported and fixed in 2011.
– The WordPress number was difficult to calculate because the security updates and level of detail presented by the WordPress community are very minimal. I had to drill down into the change logs to identify the total number of security vulnerabilities. There is a possibility that I have missed a few.

While developing Joomla! 1.7/2.5, the Joomla! community was maintaining version 1.5 as well.

Security Updates
Joomla! (1.5): 2

Joomla! security updates by type of security vulnerabilities (2011)

Path Disclosure: 2
SQL Injection: 2
XSS Vulnerabilities: 12
Information Disclosure: 9
Redirect Vulnerabilities: 1
Unauthorised Access: 3
CSRF Vulnerability: 2
DOS Vulnerabilities: 1
Clickjacking: 1
Password Change: 1

WordPress security updates by type of security vulnerabilities (2011)

Path Disclosure: 1
XSS Vulnerabilities: 3
Information Disclosure: 1
Redirect Vulnerabilities: 1
Unauthorised Access: 1
CSRF Vulnerability: 1
Clickjacking: 1
Media Security: 1
Uploader Security: 1
Others: 2

Conclusion: As the numbers show, both products went through a re-design and re-model phase in 2011. However, 2012’s data will give us a better understanding of the stability of these two products.

References:
Joomla! Security News URL: http://developer.joomla.org/security/news.html?limitstart=0
WordPress Security News URL: http://wordpress.org/news/category/security/

Security Vulnerabilities Information Links:
Path Disclosure:
https://www.owasp.org/index.php/Full_Path_Disclosure
Information Disclosure:
http://searchsecurity.techtarget.com/definition/vulnerability-disclosure
Redirect Vulnerabilities:
https://www.owasp.org/index.php/Open_redirect
http://developer.joomla.org/security/news/333-20110302-core-redirect-vulnerabilities
DOS Vulnerabilities:
http://en.wikipedia.org/wiki/Denial-of-service_attack
CSRF Vulnerability:
http://en.wikipedia.org/wiki/Cross-site_request_forgery
Clickjacking:
http://en.wikipedia.org/wiki/Clickjacking

Posted by Hassan Janjua in CMS, Joomla!

About the author

Hassan Janjua

Hassan Janjua is a Sacramento, CA, USA based web designer specializing in Joomla! development. Hassan is involved in many aspects of the Joomla! and open source content management community. Hassan holds a project manager position with JoomClan.com, where he manages 3rd party Joomla! extensions like JoomRSS, JoomListings, JoomClip, and JoomDocs. Hassan has more than 8 years of experience in Mambo and Joomla!.
