John Castro

41 posts

John Castro is Sucuri's Vulnerability Researcher who joined the company in 2015. His main responsibilities include threat intelligence and vulnerability analysis. John's professional experience covers more than a decade of pentesting, vulnerability research and malware analysis. When John isn't working with WordPres plugin vulnerabilities, you might find him hiking or hunting for new restaurants. Connect with him on LinkedIn

Plugins Under Attack: June 2019

John Castro
June 28, 2019

A long-lasting malware campaign (1,2) targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites. As…

Read the Post

Malware Campaign Evolves to Target New Plugins: May 2019

John Castro
May 28, 2019

A long-lasting malware campaign targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites. Easily automated…

Read the Post

Persistent Cross-site Scripting in WP Live Chat Support Plugin

John Castro
May 15, 2019

During a routine research audits for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 60,000+ users of the WP Live Chat…

Read the Post

Persistent XSS via CSRF in WP Meta and Date Remover

John Castro
May 7, 2019

During regular research audits for our Sucuri Firewall (WAF), we discovered a Cross Site Request Forgery (CSRF) leading to a persistent Cross Site Scripting vulnerability…

Read the Post

Insufficient Privilege Validation in WooCommerce Checkout Manager

John Castro
April 29, 2019

Due to the poor handling of a vulnerability disclosure, a new attack vector has appeared for the WooCommerce Checkout Manager WordPress plugin and is affecting…

Read the Post

WordPress Security

Plugins Added to Malicious Campaign

John Castro
April 25, 2019

We continue to see an increase in the number of plugins attacked as part of a campaign that’s been active for quite a long time.…

Read the Post

A Brief Overview of Online Fraud and Abuse

ThinkPHP 5.x Remote Code Execution

John Castro
April 17, 2019

Earlier this year, we noticed an increase in attacks aiming at ThinkPHP, which is a PHP framework that is very popular in Asia. If you…

Read the Post

SQL Injection in Advance Contact Form 7 DB

John Castro
April 11, 2019

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL injection vulnerability affecting 40,000+ users of the Advanced Contact Form…

Read the Post

Attacks on Closed WordPress Plugins

John Castro
April 10, 2019

The WordPress plugin repository team may “close” plugins and restrict downloads when they become aware of a security issue that the developer cannot fix quickly.…

Read the Post

ThinkPHP 5.x – Remote Code Execution Actively Exploited In The Wild

John Castro
April 8, 2019

Earlier this year, we noticed an increase in attacks aiming at ThinkPHP. ThinkPHP is a PHP framework that is very popular in Asia. If you…

Read the Post

Multi-Vector Attack in Server Logs

John Castro
March 25, 2019

We recently noticed an increase on suspicious requests in our logs which reveal a planned attack against the Social Warfare plugin. Bad actors added this…

Read the Post