
Sucuri Blog

Website Security News


John Castro

About John Castro

John Castro is Sucuri's Vulnerability Researcher and joined the company in 2015. His main responsibilities include threat intelligence and vulnerability analysis. John's professional experience covers more than a decade of pentesting, vulnerability research and malware analysis. When John isn't working with WordPress plugin vulnerabilities, you might find him hiking or hunting for new restaurants. Connect with him on LinkedIn.

WordPress Vulnerability

September 4, 2020, by John Castro

Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster

NextScripts: Social Networks Auto-Poster is a plugin that automatically publishes posts from your blog to your Social Media accounts such as Facebook, Twitter, Google+, Blogger, Tumblr, Flickr, LinkedIn, Instagram, Telegram, YouTube, WordPress, etc. During a routine research audit for our Sucuri Firewall, we discovered a…

Labs Note

August 3, 2020, by John Castro

Vulnerabilities Digest: July 2020

Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0 30000 Comments – wpDiscuz 7.0.0…


Trojan Spyware and BEC Attacks

July 6, 2020, by John Castro

Vulnerabilities Digest: June 2020

Highlights for June 2020: Cross-site scripting is still the most common vulnerability in WordPress plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and…

WordPress Vulnerability

June 22, 2020, by John Castro

Cross Site Scripting in YITH WooCommerce Ajax Product Filter

During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin. Current…

Labs Note

June 19, 2020, by John Castro

Vulnerable Plugins: June 2020 Update

This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. Plugin Vulnerability Patched Version Installs Elementor Page Builder Authenticated…


Labs Note

May 29, 2020, by John Castro

Vulnerabilities Digest: May 2020

Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs WP Product Review Unauthenticated Stored XSS 3.7.6 40000 Form Maker by 10Web Authenticated SQL Injection — 100000 Add-on SweetAlert Contact Form…


Labs Note

May 14, 2020, by John Castro

Unauthenticated Stored Cross Site Scripting in WP Product Review

During a routine research audit for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 40,000+ users of the WP Product Review plugin. Current State of the…


Labs Note

May 1, 2020, by John Castro

Vulnerabilities Digest: April 2020

Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Widget Settings Importer/Exporter Stored XSS Closed 40000 Accordion Stored/Reflected XSS 2.2.9 30000 Support Ticket System By Phoeniixx Reflected XSS Closed 2000…


Labs Note

March 27, 2020, by John Castro

Vulnerabilities Digest: March 2020

Fixed Plugins and Vulnerabilities Plugin Vulnerability Patched Version Installs Cookiebot Reflected Cross-Site Scripting 3.6.1 40000 Data Tables Generator By Supsystic Authenticated Stored XSS 1.9.92 30000 WPvivid Backup Database Leak 0.9.36…


Labs Note

March 2, 2020, by John Castro

Vulnerabilities Digest: February 2020

Fixed Plugins and Vulnerabilities Plugin Vulnerability Patched Version Installs Duplicator Arbitrary File Download 1.3.28 1000000 Modula Image Gallery Authenticated Stored XSS 2.2.5 70000 Easy Property Listings CSRF 3.4 6000 ThemeREX…


Labs Note

January 28, 2020, by John Castro

Vulnerabilities Digest: January 2020

Fixed Plugins and Vulnerabilities Plugin Vulnerability Patched Version Installs InfiniteWP Client Login bypass 1.9.4.5 300000 ListingPro Reflected XSS 2.5.4 13000 Travel Booking Stored XSS 2.7.8.6 7627 Real Estate 7 Stored…


© 2023 Sucuri Inc. All rights reserved