Zero-day broker Zerodium has tripled the payouts for exploits for the WordPress content management system that could be used to achieve remote code execution.
Zerodium announced via Twitter that it is temporarily offering a $300,000 payout for this kind of exploit. The platform will pay for a zero-click exploit working on a default installation of WordPress. The company will not pay for exploits targeting WordPress plugins and third-party themes.
“The exploit must work with latest WordPress, default install, no third-party plugins, no auth, no user interaction!” states the company.
The payouts for working exploits depend on the balance between demand and supply. In May 2020, the exploit broker announced that it was no longer accepting certain types of iOS exploits due to a surplus. Zerodium said it took this decision because of the high number of submissions, which gives an idea of how prolific the hacking community is.
A zero-click exploit chain for Android would still be rewarded with up to $2.5 million, while an exploit chain for iOS would be rewarded with only $2 million.
(SecurityAffairs – hacking, WordPress)