WordPress RCE Bug Bounty
Zerodium has tripled its payouts for exploits against the WordPress CMS that could be used to achieve remote code execution.
Zerodium announced via Twitter that it is temporarily offering a $300,000 payout for this kind of exploit. The platform will pay for a zero-click exploit that works on a default installation of WordPress. The company will not pay for exploits targeting WordPress plugins or third-party themes.
“The exploit must work with latest WordPress, default install, no third-party plugins, no auth, no user interaction!”
The payouts for working exploits depend on the balance between supply and demand. Earlier last year, the exploit broker announced that it was no longer accepting certain types of iOS exploits due to a surplus. Zerodium explained that it took this decision because of the high number of submissions, which gives an idea of how prolific the hacking community is.
A zero-click exploit chain for Android would still be rewarded with up to $2.5 million, while an exploit chain for iOS would be rewarded with only $2 million.