Pierluigi Paganini
April 09, 2021
Zero-day broker Zerodium has tripled the payouts for exploits for the WordPress content management system that could be used to achieve remote code execution.
Zerodium announced via Twitter that is temporarily offering a $300,000 payout for this kind of exploit. The platform will pay for a zero-click exploit working on a default installation of WordPress. The company will not pay for exploits targeting WordPress plugins and third-party themes.
“The exploit must work with latest WordPress, default install, no third-party plugins, no auth, no user interaction!” states the company.
We're temporarily increasing our payouts for WordPress RCEs to $300,000 per exploit (usually $100K).
— Zerodium (@Zerodium) April 9, 2021
The exploit must work with latest WordPress, default install, no third-party plugins, no auth, no user interaction!
If you have this gem, contact us: https://t.co/PBuS1nnpED
The payouts for working exploits depends on the balance between demand and offer, in May 2020, the exploit broker announced that it was no longer accepting certain types of iOS exploits due to surplus. Zerodium argued that took this decision due to the high number of submissions, an information that could give us an idea of how is prolific the hacking community.
A zero-click exploit chain for Android would be still rewarded with up to $2.5 million, while an exploit chain for iOS only $2 million.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, WordPress)
[adrotate banner=”5″]
[adrotate banner=”13″]
