John Castro is Sucuri's Vulnerability Researcher who joined the company in 2015. His main responsibilities include threat intelligence and vulnerability analysis. John's professional experience covers more than a decade of pentesting, vulnerability research and malware analysis. When John isn't working with WordPress plugin vulnerabilities, you might find him hiking or hunting for new restaurants. Connect with him on LinkedIn
This is an update for the long-lasting malware campaign targeting vulnerable plugins since January. Please check our previous updates below: Multi-Vector Attack in Server Logs:…
WordPress Social Sharing Plugin – Sassy Social Share, which currently has over 100,000 installations, just fixed a cross-site scripting vulnerability. This bug allows attackers…
This is an update for the long-lasting malware campaign targeting vulnerable plugins during August and September. Please check our previous updates below: Multi-Vector Attack in…
woocommerce-ajax-filters, which currently has over 10,000 installations (versions <=1.3.6) allows unauthenticated attackers to arbitrarily update all the plugin options and redirect any user to an…
In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of WordPress’ update_option() function. This function…
As mentioned in recent posts, WordPress’ update_option() function is used to update any option in the options database table. If the permission flow when using…
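The pattern behind the woocommerce-ajax-filters issue above and the update_option() misuse described in these posts is an AJAX handler that writes to the options table without a capability check, a nonce, or a whitelist of option names. The following is an added illustration written for this page, not code from any of the plugins mentioned: the plugin slug, hook names, option names and nonce action are all hypothetical. It shows the vulnerable shape beside a hardened version.

```php
<?php
/*
 * Constructed example (hypothetical plugin "example-filters"), not taken from
 * any real plugin. It contrasts an insecure options-update AJAX handler with a
 * hardened one.
 */

/* ---------- VULNERABLE: what the posts above describe ---------- */

// wp_ajax_nopriv_* exposes the handler to anonymous visitors of
// /wp-admin/admin-ajax.php?action=example_save_settings
add_action( 'wp_ajax_nopriv_example_save_settings', 'example_save_settings_vulnerable' );
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_vulnerable' );

function example_save_settings_vulnerable() {
    // No capability check, no nonce, and the option NAME comes from the
    // request, so update_option() can write any row in wp_options:
    // POST option_name=siteurl&option_value=https://attacker.example
    // redirects every visitor, as in the woocommerce-ajax-filters advisory.
    update_option( $_POST['option_name'], $_POST['option_value'] );
    wp_send_json_success();
}

/* ---------- HARDENED: same feature, properly gated ---------- */

// Only the authenticated hook is registered; anonymous requests get WP's
// default "0" response from admin-ajax.php.
add_action( 'wp_ajax_example_save_settings_fixed', 'example_save_settings_fixed' );

function example_save_settings_fixed() {
    // 1. CSRF: the nonce must have been created with
    //    wp_create_nonce( 'example_settings_nonce' ) on the settings page
    //    (hypothetical action name) and sent in the "nonce" field.
    check_ajax_referer( 'example_settings_nonce', 'nonce' );

    // 2. Authorization: only users who may manage options get through.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Whitelist of option names this plugin owns, each paired with the
    //    sanitizer appropriate to its type (hypothetical option names).
    $allowed = array(
        'example_filters_layout'   => 'sanitize_text_field',
        'example_filters_per_page' => 'absint',
    );

    $name = isset( $_POST['option_name'] ) ? sanitize_key( $_POST['option_name'] ) : '';
    if ( ! isset( $allowed[ $name ] ) ) {
        // Anything outside the whitelist (siteurl, home, admin_email, ...)
        // is rejected outright instead of reaching update_option().
        wp_send_json_error( 'unknown option', 400 );
    }

    $raw   = isset( $_POST['option_value'] ) ? wp_unslash( $_POST['option_value'] ) : '';
    $value = call_user_func( $allowed[ $name ], $raw );

    update_option( $name, $value );
    wp_send_json_success( array( 'option' => $name, 'value' => $value ) );
}
```

The three gates are independent and all three are needed: the nonce alone does not stop a low-privilege subscriber who can fetch it from the page, the capability check alone does not stop a CSRF'd administrator, and neither stops an attacker from targeting siteurl or home unless the option name is constrained to a whitelist the plugin owns. When reviewing a plugin, grep for wp_ajax_nopriv_ hooks and for update_option() calls whose first argument is not a string literal; both are quick indicators of this class of bug.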
A long-lasting malware campaign targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites: Multi-Vector Attack…
With almost 300 installs, WPTF – Hybrid Composer is a framework that helps users easily create custom themes for WordPress. We recently noticed an increase…
Icegram is a plugin that helps you collect email addresses for your newsletter. Other features include light-box popup offers, header action bars, toast notifications, and…