Zero-day broker Zerodium increases payouts for WordPress RCEs

 

Zerodium, an exploit acquisition platform that buys zero-day exploits for some of the most widely used software products, including smartphones, operating systems and web browsers, has announced it will triple payouts for exploits that achieve remote code execution in the WordPress content management system.

The announcement was made via a Twitter message posted last week.

“We're temporarily increasing our payouts for WordPress RCEs to $300,000 per exploit (usually $100K),” the company wrote.

To be eligible for the reward, “the exploit must work with latest WordPress, default install, no third-party plugins, no auth, no user interaction!,” the company added.

Zerodium payouts for eligible zero-day exploits range from $2,500 to $2,500,000 per submission depending on the popularity and security level of the affected software/system, as well as the quality of the submitted exploit. In May 2020 the exploit broker announced that it was no longer accepting “new Apple iOS LPE, Safari RCE, or sandbox escapes” due to a high number of submissions.
