Antony Garand

22 posts

Antony Garand is Sucuri's Threat Researcher who joined the company in 2019. Antony's main responsibilities include researching vulnerabilities and dissecting malware. His professional experience covers many years of security research and development. When Antony isn't breaking stuff, you might find him at the dog park or learning new skills. Connect with him on Twitter

Duplicated Vulnerabilities in WordPress Plugins

Antony Garand
April 24, 2020

During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post.…

Read the Post

Reflected XSS in Cookiebot Administrative Page

Antony Garand
March 23, 2020

A reflected XSS vulnerability has recently been found in the Cookiebot plugin plugin, impacting a user base of over 40k installs. Versions prior to 3.6.1…

Read the Post

Reflected XSS in Advanced Ads Admin Dashboard

Antony Garand
March 17, 2020

A patch for a vulnerability in the Advanced Ads plugin has been released. Prior to version 1.17.4, attackers were able to exploit two reflected XSS…

Read the Post

Website Security

Creative Phishing for Digital Gold on RuneScape

Antony Garand
February 6, 2020

RuneScape is an extremely popular massive multiplayer online game. With over 200 million generated accounts, its claim to fame is that it’s one of the…

Read the Post

Why Hackers Create Phishing Campaigns

Antony Garand
December 9, 2019

Phishing is a malicious attempt to obtain personally identifiable information of a victim. The first thing to keep in mind about phishing is the goal…

Read the Post

How to Recognize a Phishing Campaign

Antony Garand
November 20, 2019

Phishing attacks and campaigns have always been a hot topic in online security. With many posts tagged as “phishing” on our blog — the first…

Read the Post

WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations

Antony Garand
July 3, 2019

The WordPress plugin WP Statistics, which has an active installation base of 500k users, has an unauthenticated stored XSS vulnerability on versions prior to 12.6.7.…

Read the Post

Slimstat: Stored XSS from Visitors

Antony Garand
May 21, 2019

The WordPress Slimstat plugin, which currently has over 100k installs, allows your website to gather analytics data for your WordPress website. It will track certain…

Read the Post

WordPress Plugin Give – Stored XSS for Donors

Antony Garand
May 15, 2019

Give is a WordPress plugin which allows users to setup a donation page on a website. It currently has 60k installs. During a recent audit…

Read the Post

Multiple Vulnerabilities in the WordPress Ultimate Member Plugin

Antony Garand
May 13, 2019

The Ultimate member plugin version 2.0.45 and lower is affected by multiple vulnerabilities, among them is a critical vulnerability allowing malicious users to read and…

Read the Post

Revslider new vulnerability with IRC Botnet

Behind the Malware – Botnet Analysis

Antony Garand
February 24, 2016

While analyzing our website firewall logs we discovered an old vulnerability being retargeted in RevSlider, a popular WordPress plugin. In 2014 / 2015, this led to massive website compromises.…

Read the Post