As announced company Zerodium, it became more interested in the exploits for vulnerabilities in WordPress, allowing remote code execution. For these exploits, she is even ready to pay three times more than before - $ 300 thousand.
However, exploit sellers should hurry up as the offer is only valid for a limited period of time. Why the proposal is temporary, and when it expires, Zerodium does not say.
Sellers should also take into account that the company is willing to pay $ 300K only for exploits that work with the latest version of WordPress. They should work on a clean WordPress installation with default configuration, no authentication or user interaction required. That is, the company is not interested in exploits for vulnerabilities in third-party plugins, no matter how popular and widespread they are.
Zerodium is one of the most famous exploit brokers on the market. The company either develops exploits itself or purchases them from third-party developers. She is only interested in premium exploits, and the company is always open about its pricing. Zerodium is the first broker on the market to publish a price list immediately after launch.
We're temporarily increasing our payouts for WordPress RCEs to $300,000 per exploit (usually $100K).— Zerodium (@Zerodium) April 9, 2021
The exploit must work with latest WordPress, default install, no third-party plugins, no auth, no user interaction!
If you have this gem, contact us: https://t.co/PBuS1nnpED
Over the years, the company has expanded the list of products in which it is ready to purchase vulnerabilities. Zerodium buys exploits not only for operating systems and browsers, but also for web servers, email servers, web panels and applications, as well as research and methods related to certain technologies (WiFi / Baseband, antivirus, routers / IoT, deanonymization Tor, security bypasses).
The broker has also updated its payouts and announced larger rewards for zero-day exploits on Android than on iOS. These prices remain in place, with the price of the full chain of exploits for Android, allowing attacks without user intervention, reaching $ 2.5 million, while for iOS - $ 2 million.