Sale of a 0day exploit in a WordPress plugin for user registration and access management

For informational purposes only

Vulnerability type: Unrestricted File Upload Affected versions: current version as of April 7, 2026 Price: $5K

The seller claims to be offering a 0day exploit for a popular WordPress plugin that, according to wordpress.org, has more than 200,000 active installations. The exploit allegedly allows any external attacker to upload files to the server into a publicly accessible web application directory; specifically, the post mentions PDF, DOC, JPG, and GIF file types.

💬 Discuss