
$20 per zero-day is already the WordPress plugin reality

ID: 17bde991-8738-5d11-89ee-7740c0323f7e

STIX ID: report--17bde991-8738-5d11-89ee-7740c0323f7e

Feed Name: Help Net Security

Threat Score
75/100

Date Published: 2026-05-22

Date Updated: 2026-05-22

Author: Mirko Zorz


Researchers built an AI-driven scanning and verification pipeline that, in 72 hours, surfaced and manually verified 300+ critical zero-day vulnerabilities in WordPress plugins (pre-auth RCEs, SQLi, privilege escalation, SSRF, automated downgrade chains). They highlighted the low per-vulnerability cost and the strain on disclosure triage, and warned that similar automated pipelines could be used by attackers to scale zero-day discovery.
