Security News > 2021 > April > Zerodium Offering $300,000 for WordPress Exploits
Exploit acquisition company Zerodium announced last week that it's temporarily offering $300,000 for high-impact WordPress exploits.
The company typically offers $100,000 for WordPress RCE exploits, the same amount as for Webmin, Plesk, and cPanel/WHM exploits.
Zerodium claims its customers are government organizations - mainly from North America and Europe - that seek "Advanced zero-day exploits and cybersecurity capabilities."
"At ZERODIUM we take ethics very seriously and we chose our customers very carefully, which means that access to your research and exploits will be highly restricted and limited to a very small number of institutional customers," the company says on its website.
Currently, Zerodium offers the highest payouts for remote code execution exploits targeting Windows, and exploits that can give a remote attacker full control of mobile devices.
It's not uncommon for the company to temporarily increase payouts for certain exploits - likely if there is a big demand - but the company is also known to stop buying certain types of exploits altogether due to surplus.