I don't know about awesome.. seem like pretty basic mistakes
Yeah they are prevalent, no doubt. I spend a lot of my time dealing with CVE's, and frankly after looking at lots of blog engines I'm afraid to trust some of the open source out there. Scary what they'll take from the web and pass to a cmdline w/out any sanity checking.