Sucuri Blog
  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Multi-Site plans
    • Custom & Enterprise Plans
    • Partnerships
  • Features
    • Detection
      Website Monitoring & Alerts
    • Protection
      Future Website Hacks
    • Performance
      Speed Up Your Website
    • Response
      Help For Hacked Websites
    • Backups
      Disaster Recovery Plan
  • Resources
    • Guides
    • Webinars
    • Infographics
    • Blog
    • SiteCheck
    • Reports
    • Email Courses
  • Pricing
  • Immediate Help
  • Login

John Castro

41 posts
John Castro is Sucuri's Vulnerability Researcher who joined the company in 2015. His main responsibilities include threat intelligence and vulnerability analysis. John's professional experience covers more than a decade of pentesting, vulnerability research and malware analysis. When John isn't working with WordPress plugin vulnerabilities, you might find him hiking or hunting for new restaurants. Connect with him on LinkedIn.
WordPress Vulnerability
  • Vulnerability Disclosure

Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster

  • John Castro
  • September 4, 2020
NextScripts: Social Networks Auto-Poster is a plugin that automatically publishes posts from your blog to your social media accounts such as Facebook, Twitter, Google+, Blogger,…
Labs Note
  • Ecommerce Security
  • Joomla Security
  • Website Malware Infections
  • Website Security
  • WordPress Security

Vulnerabilities Digest: July 2020

  • John Castro
  • August 3, 2020
Relevant Plugins and Vulnerabilities:

Plugin                      Vulnerability              Patched Version   Installs
Asset CleanUp: Page Speed   Authenticated XSS          1.4.6.7           80000
Quiz And Survey Master      Authenticated Stored XSS   7.0.0…
  • Security Advisory
  • Security Education
  • Sucuri Labs
  • Vulnerability Disclosure

Vulnerabilities Digest: June 2020

  • John Castro
  • July 6, 2020
Highlights for June 2020: Cross-site scripting is still the most common vulnerability in WordPress plugins. Bad actors are taking advantage of the lack of…
WordPress Vulnerability
  • Vulnerability Disclosure

Cross Site Scripting in YITH WooCommerce Ajax Product Filter

  • John Castro
  • June 22, 2020
During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce…
Labs Note
  • Security Advisory
  • Vulnerability Disclosure

Vulnerable Plugins: June 2020 Update

  • John Castro
  • June 19, 2020
This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. Plugin Vulnerability Patched Version…
Labs Note
  • Security Education
  • Sucuri Labs
  • Vulnerability Disclosure
  • Website Malware Infections

Vulnerabilities Digest: May 2020

  • John Castro
  • May 29, 2020
Relevant Plugins and Vulnerabilities:

Plugin                Vulnerability                  Patched Version   Installs
WP Product Review     Unauthenticated Stored XSS     3.7.6             40000
Form Maker by 10Web   Authenticated SQL Injection    —…
Labs Note
  • Sucuri Labs
  • Vulnerability Disclosure
  • WordPress Security

Unauthenticated Stored Cross Site Scripting in WP Product Review

  • John Castro
  • May 14, 2020
During a routine research audit for our Sucuri Firewall, we discovered an unauthenticated persistent cross-site scripting (XSS) vulnerability affecting 40,000+ users of the WP Product Review…
Labs Note
  • Ecommerce Security
  • Magento Security
  • Sucuri Labs
  • Vulnerability Disclosure
  • Website Malware Infections
  • Website Security

Vulnerabilities Digest: April 2020

  • John Castro
  • May 1, 2020
Relevant Plugins and Vulnerabilities:

Plugin                              Vulnerability            Patched Version   Installs
Widget Settings Importer/Exporter   Stored XSS               Closed            40000
Accordion                           Stored/Reflected XSS     2.2.9             30000
Support Ticket System By…
Labs Note
  • Sucuri Labs
  • Vulnerability Disclosure
  • Website Security
  • WordPress Security

Vulnerabilities Digest: March 2020

  • John Castro
  • March 27, 2020
Fixed Plugins and Vulnerabilities:

Plugin                              Vulnerability                     Patched Version   Installs
Cookiebot                           Reflected Cross-Site Scripting    3.6.1             40000
Data Tables Generator By Supsystic  Authenticated Stored XSS          1.9.92            30000…
Labs Note
  • Sucuri Labs
  • Vulnerability Disclosure
  • Website Malware Infections
  • Website Security
  • WordPress Security

Vulnerabilities Digest: February 2020

  • John Castro
  • March 2, 2020
Fixed Plugins and Vulnerabilities:

Plugin                 Vulnerability               Patched Version   Installs
Duplicator             Arbitrary File Download     1.3.28            1000000
Modula Image Gallery   Authenticated Stored XSS    2.2.5             70000
Easy Property…
Labs Note
  • Sucuri Labs
  • Website Malware Infections
  • WordPress Security

Vulnerabilities Digest: January 2020

  • John Castro
  • January 28, 2020
Fixed Plugins and Vulnerabilities:

Plugin              Vulnerability    Patched Version   Installs
InfiniteWP Client   Login bypass     1.9.4.5           300000
ListingPro          Reflected XSS    2.5.4             13000
Travel Booking      Stored XSS       2.7.8.6…
© 2025 GoDaddy Mediatemple, Inc., d/b/a Sucuri. All rights reserved.
