Prominent vulnerability broker Zerodium says it is temporarily tripling its payout for WordPress exploits that achieve remote code execution on the latest versions of the CMS. The company now values such exploits at $300,000 (versus the usual $100,000).
We’re temporarily increasing our payouts for WordPress RCEs to $300,000 per exploit (usually $100K).
The exploit must work with latest WordPress, default install, no third-party plugins, no auth, no user interaction!
If you have this gem, contact us: https://t.co/PBuS1nnpED
— Zerodium (@Zerodium) April 9, 2021
The increase in payouts is temporary, but Zerodium has not yet disclosed either the reason for the decision or the date on which the promotion ends.
As with other similar exploits, the WordPress exploit must work on a clean CMS installation with the default configuration, without requiring authentication or user interaction. That is, exploits for vulnerabilities in third-party plugins, no matter how popular and widespread they are, do not qualify.
It is worth noting that Zerodium offers its highest payouts for RCE exploits targeting Windows ($1,000,000) and for exploits that can give an attacker full control over mobile devices ($2,500,000 for Android and $2,000,000 for iOS).