In this work, we aim to analyze the presence of Content Management Systems on the Internet. We build empiric data on what proportion of the Web uses these software platforms, by fingerprinting known CMSs and their versions. We then analyze the versions of the most important CMSS (WordPress, Drupal and Joomla) to define what proportion of websites are running outdated and vulnerable code.
While the proportion of websites found to be vulnerable may be low, this is most likely attributable to the benchmark we set to consider a website as such. This work provides empiric data and a reproducible methodology, in a field that is severely lacking of both.