Threat Actor: Unknown | Unknown
Victim: WordPress Plugin Users | WordPress Plugin Users
Price: $500 (for vulnerability details), $700 (for exploit with proof of concept)
Exfiltrated Data Type: 0-day vulnerability details
Key Points:
- A threat actor claims to have discovered a 0-day vulnerability in a popular WordPress plugin with over 50 million downloads.
- The vulnerability involves broken access control, allowing attackers to create admin users under certain conditions.
- The actor offers the vulnerability details for $500 and the exploit for $700, including a proof of concept.
- The low price is attributed to the exploit requiring specific admin panel actions that users rarely perform.
- There is uncertainty regarding the accuracy of the claims and whether patches exist to address the vulnerability.
A threat actor claims to have discovered a 0-day vulnerability in a WordPress plugin with over 50 million downloads. The vulnerability involves broken access control, letting attackers create admin users under certain conditions. The actor offers the vulnerability details for $500 and the exploit for $700, including a proof of concept.
The actor explains the low price by noting that the exploit requires specific admin panel actions that users rarely perform. The claims indicate a potential risk, but it is unclear whether they are accurate or whether patches exist to fix the issue.
The post A Threat Actor Alleged 0-Day Vulnerability in Popular WordPress Plugin appeared first on Daily Dark Web.