
Sucuri Blog

Website Security News


Marc-Alexandre Montpas

About Marc-Alexandre Montpas

Marc-Alexandre Montpas is Sucuri’s Senior Security Analyst who joined the company in 2014. Marc’s main responsibilities include reversing security patches and scavenging vulnerabilities, old and new. His professional experience covers eight years of finding bugs in open-source software. When Marc isn’t breaking things, you might find him participating in a hacking CTF competition. Connect with him on Twitter.

WordPress Vulnerability Detail

October 30, 2020 | Marc-Alexandre Montpas

Reflected XSS in WordPress v5.5.1 and Lower

WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of this issue is a bug in the way WordPress determines a user’s current page, and which may cause a few other problems as well. Are…


Labs Note

January 29, 2020 | Marc-Alexandre Montpas

Stored XSS in Elementor

During a routine audit of WordPress plugins last December, we discovered a Stored XSS vulnerability in the very popular Elementor Page Builder plugin, which powers no less than 3 million+…


WordPress Vulnerability Detail

January 16, 2020 | Marc-Alexandre Montpas

Authentication Bypass Vulnerability in InfiniteWP Client <= 1.9.4.4 

An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one…


Zero-Day RCE in vBulletin v5.0.0-v5.5.4

September 25, 2019 | Marc-Alexandre Montpas

Zero-Day RCE in vBulletin v5.0.0-v5.5.4

A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday. This vulnerability is extremely severe. It…


WordPress Vulnerability Detail

September 13, 2019 | Marc-Alexandre Montpas

Dissecting the WordPress 5.2.3 Update

Last week, WordPress released version 5.2.3, which was a security and maintenance update and, as such, contained many security fixes. Part of our day-to-day work is to analyse…


Stored XSS in MyBB

June 11, 2019 | Marc-Alexandre Montpas

Stored XSS in MyBB <= 1.8.20

The open-source PHP forum software MyBB recently published a new update, version 1.8.21. This is a security release fixing a Stored XSS vulnerability in the private messaging and post…


WordPress Vulnerability Detail

June 4, 2019 | Marc-Alexandre Montpas

OS Command Injection in WP-Database-Backup

On May 28th, a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin was disclosed to the public by the Wordfence team. This is a very nasty bug which made…


WordPress Vulnerability Detail

April 5, 2019 | Marc-Alexandre Montpas

SQL Injection in Duplicate-Page WordPress Plugin

While investigating the Duplicate Page plugin, we have discovered a dangerous SQL Injection vulnerability. Though the plugin wasn’t abused externally, the vulnerability impacted over 800,000 sites. Its urgency is defined…


Vulnerability in Magento

March 28, 2019 | Marc-Alexandre Montpas

SQL Injection in Magento Core

Magento has released a new security update fixing multiple types of vulnerabilities including Cross-Site Request Forgery, Cross-Site Scripting, SQL Injection, and Remote Code Execution. To be exploited, the majority of…


WordPress Vulnerability Detail

March 26, 2019 | Marc-Alexandre Montpas

Stored XSS Patched in WordPress 5.1.1

WordPress recently released an update, 5.1.1, which patches a stored XSS vulnerability in the platform’s comment system. Even 10 days after the release of this security patch, around 60% of…


Stored XSS in MyBB

March 21, 2019 | Marc-Alexandre Montpas

Zero-Day Stored XSS in Social Warfare

A zero-day vulnerability has just appeared in the WordPress plugin world, affecting over 70,000 sites using the Social Warfare plugin. The plugin is vulnerable to a Stored XSS (Cross-Site Scripting)…

