"More common" might be a bit tricky, because it's always been a race once patches go out. But modern systems can hit every IP address and quite a ridiculous number of domains extremely easily. There are more targets, so while it might be just as easy to get N% of vulnerable machines, the rewards for a hacker doing that are much higher, so the incentives put you at substantially more risk.
There's also greater danger and incentive for attackers now that more websites are run by primarily non-technical people, as they are less likely to patch immediately.
I'm sure there are also indexers out there who catalogue known Drupal/Wordpress/RoR/etc sites in anticipation of quickly hitting them with an exploit once a new one is released.
4. Fairly robust exploit (doesn't crash the target or require version specific offsets, magic numbers, etc.)
And yes, when similar bug happens that meet these characteristics, mass scale exploitation will follow quickly after for various purpose (spamming, google ranking scam, DDOS, etc.)
It depends on the complexity of the attack. This Drupal one took our team less than an hour to have a working proof of concept (just based on the diffs).
The exploit is very simple, and doesn't require any interaction with the remote site. Explaining why they started on it very fast.
On other more complex exploits, we generally see days (if not weeks), before the attacks start.
If I were an attacker, I'd fingerprint sites. It should be pretty straightforward to maintain a relatively up-to-date database of web server + version, and app stack + version. Then, when a vuln hits, you know exactly whom to attack...
There's also greater danger and incentive for attackers now that more websites are run by primarily non-technical people, as they are less likely to patch immediately.