WordPress powers around 25% of the top one million websites in Alexa. Drupal, Joomla! And other popular CMS solutions power several other thousands of websites . And if there is a forum on a website, most probably it is powered by a forum software such as phpBB rather than a custom built one.
Custom built applications are still very popular, especially in business-specific web applications. Though off-the-shelf web applications are becoming more popular, especially the open source ones. There is nothing wrong with such new approach, though let’s not forget that these are still web applications, and like all others, can have web vulnerabilities.
As highlighted in a post about the ramifications of outdated and vulnerable software, there is a lot at stake when using old software. Malicious users are constantly scanning websites randomly to check if they are vulnerable to a SQL Injection in old version of WordPress, or a Cross-site Scripting (XSS) vulnerability in an old version of Joomla! Or phpBB. Therefore if you are running an old version of such software it is only a matter of time until you get hacked.