Sucuri Blog
John Castro

41 posts
John Castro is Sucuri's Vulnerability Researcher who joined the company in 2015. His main responsibilities include threat intelligence and vulnerability analysis. John's professional experience covers more than a decade of pentesting, vulnerability research and malware analysis. When John isn't working with WordPress plugin vulnerabilities, you might find him hiking or hunting for new restaurants. Connect with him on LinkedIn
WordPress Vulnerability Disclosure
  • Ecommerce Security
  • Vulnerability Disclosure
  • WordPress Security

SQLi Vulnerability in YITH WooCommerce Wishlist

  • John Castro
  • January 16, 2018
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist plugin for WordPress.…
WordPress Vulnerability Disclosure
  • Vulnerability Disclosure
  • WordPress Security

SQL Injection Vulnerability in WP Statistics

  • John Castro
  • June 30, 2017
Update 11/3/2017: We are always looking for the latest to be shared with you and now we have released our WordPress Security Guide, where you…
Labs Note
  • Sucuri Labs
  • Website Malware Infections
  • Website Security

.user.ini SPAM SEO Redirect

  • John Castro
  • February 17, 2017
Since PHP 5.3.0, PHP includes support for configuration INI files on a per-directory basis that has the same effect (depending on the case) that the…
Labs Note
  • Sucuri Labs
  • Website Malware Infections
  • Website Security

Backdooring sites using exotic php functions

  • John Castro
  • February 16, 2017
Throughout the last few months, we published multiple articles about simple but powerful backdoors and how attackers get creative. Virtually in all cases, the code…
Labs Note
  • Sucuri Labs
  • Website Malware Infections
  • Website Security

Fake Google Analytics tracking code leading to Adware

  • John Castro
  • January 31, 2017
Our Incident Response process makes sure we remove all malicious files and other small pieces of code inserted in good files that could be used…
Labs Note
  • Sucuri Labs
  • Website Malware Infections
  • WordPress Security

Hooking WordPress Class to Hide Malicious Users

  • John Castro
  • January 20, 2017
When a website is compromised, attackers perform post-exploitation tasks to maintain access to the site for as long as possible. One of these actions is…
Labs Note
  • Sucuri Labs

Another sample of a Magento compromise for profit

  • John Castro
  • June 6, 2016
We are often seeing malicious code being used to steal credit card details and sensitive information from compromised Magento sites, but this one caught our…
  • Ecommerce Security
  • Magento Security

Magento Credit Card Stealer for Braintree Extension

  • John Castro
  • June 3, 2016
We regularly find and write about malware that steals credit card details from Magento sites because attackers discover new techniques to obtain sensitive data daily.…
© 2025 GoDaddy Mediatemple, Inc., d/b/a Sucuri. All rights reserved.