Sucuri Blog
  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Multi-Site plans
    • Custom & Enterprise Plans
    • Partnerships
  • Features
    • Detection
      Website Monitoring & Alerts
    • Protection
      Future Website Hacks
    • Performance
      Speed Up Your Website
    • Response
      Help For Hacked Websites
    • Backups
      Disaster Recovery Plan
  • Resources
    • Guides
    • Webinars
    • Infographics
    • Blog
    • SiteCheck
    • Reports
    • Email Courses
  • Pricing
  • Immediate Help
  • Login
Sucuri Blog
  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Multi-Site plans
    • Custom & Enterprise Plans
    • Partnerships
  • Features
    • Detection
      Website Monitoring & Alerts
    • Protection
      Future Website Hacks
    • Performance
      Speed Up Your Website
    • Response
      Help For Hacked Websites
    • Backups
      Disaster Recovery Plan
  • Resources
    • Guides
    • Webinars
    • Infographics
    • Blog
    • SiteCheck
    • Reports
    • Email Courses
  • Pricing
  • Immediate Help
  • Login
  • Immediate Help
Login
Login

New Customer?

Sign up now.
  • Submit a ticket
  • Knowledge base
  • Chat now

Marc-Alexandre Montpas

50 posts
Marc-Alexandre Montpas is Sucuri’s Senior Security Analyst who joined the company in 2014. Marc’s main responsibilities include reversing security patches and scavenging vulnerabilities, old and new. His professional experience covers eight years of finding bugs in open-source software. When Marc isn’t breaking things, you might find him participating in a hacking CTF competition. Connect with him on Twitter.
WordPress Vulnerability Detail
  • Sucuri Labs
  • Vulnerability Disclosure
  • Website Security
  • WordPress Security

Reflected XSS in WordPress v5.5.1 and Lower

  • Marc-Alexandre Montpas
  • October 30, 2020
WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of this issue is a bug…
Read More
Labs Note
  • Joomla Security
  • Sucuri Labs
  • Vulnerability Disclosure
  • Website Malware Infections
  • Website Security

Stored XSS in Elementor

  • Marc-Alexandre Montpas
  • January 29, 2020
During a routine audit of WordPress plugins last december, we discovered a Stored XSS vulnerability in the very popular Elementor Page Builder plugin, which powers…
Read More
WordPress Vulnerability Detail
  • Security Advisory
  • Vulnerability Disclosure
  • Website Security
  • WordPress Security

Authentication Bypass Vulnerability in InfiniteWP Client <= 1.9.4.4 

  • Marc-Alexandre Montpas
  • January 16, 2020
An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to…
Read More
Zero-Day RCE in vBulletin v5.0.0-v5.5.4
  • Security Advisory
  • Vulnerability Disclosure
  • Website Security

Zero-Day RCE in vBulletin v5.0.0-v5.5.4

  • Marc-Alexandre Montpas
  • September 25, 2019
A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday. This…
Read More
WordPress Vulnerability Detail
  • Vulnerability Disclosure
  • Website Security
  • WordPress Security

Dissecting the WordPress 5.2.3 Update

  • Marc-Alexandre Montpas
  • September 13, 2019
Last week, WordPress released version 5.2.3 which was a security and maintenance update, and as such, contained many security fixes. Part of our day to…
Read More
Stored XSS in MyBB
  • Vulnerability Disclosure
  • Website Malware Infections
  • Website Security

Stored XSS in MyBB <= 1.8.20

  • Marc-Alexandre Montpas
  • June 11, 2019
The open source PHP forum software myBB recently published a new update, version 1.8.21. This is a security release fixing a Stored XSS vulnerability in…
Read More
WordPress Vulnerability Detail
  • Vulnerability Disclosure
  • WordPress Security

OS Command Injection in WP-Database-Backup

  • Marc-Alexandre Montpas
  • June 4, 2019
On May 28th, a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin  was disclosed to the public by the Wordfence team. This is a…
Read More
WordPress Vulnerability Detail
  • Vulnerability Disclosure
  • Website Malware Infections
  • WordPress Security

SQL Injection in Duplicate-Page WordPress Plugin

  • Marc-Alexandre Montpas
  • April 5, 2019
While investigating the Duplicate Page plugin, we have discovered a dangerous SQL Injection vulnerability. Though the plugin wasn’t abused externally, the vulnerability impacted over 800,000…
Read More
Vulnerability in Magento
  • Vulnerability Disclosure

SQL Injection in Magento Core

  • Marc-Alexandre Montpas
  • March 28, 2019
Magento has released a new security update fixing multiple types of vulnerabilities including Cross-Site Request Forgery, Cross-Site Scripting, SQL Injection, and Remote Code Execution. To…
Read More
WordPress Vulnerability Detail
  • Vulnerability Disclosure
  • WordPress Security

Stored XSS Patched in WordPress 5.1.1

  • Marc-Alexandre Montpas
  • March 26, 2019
WordPress recently released an update, 5.1.1, which patches a stored XSS vulnerability in the platform’s comment system. Even 10 days after the release of this…
Read More
Stored XSS in MyBB
  • Vulnerability Disclosure
  • WordPress Security

Zero-Day Stored XSS in Social Warfare

  • Marc-Alexandre Montpas
  • March 21, 2019
A zero-day vulnerability has just appeared in the WordPress plugin world, affecting over 70,000 sites using the Social Warfare plugin. The plugin is vulnerable to…
Read More
Search
Sucuri Sidebar Malware Removal to Signup Page
  • Products
    • Website Firewall
    • Website Security Platform
    • Website Backups
    • WordPress Security
    • Enterprise Services
  • Solutions
    • DDoS Protection
    • Malware Detection
    • Malware Removal
    • Malware Prevention
    • Blacklist Removal
  • Support
    • Knowledge Base
    • SiteCheck
    • Research Labs
    • Report Abuse
    • Status Report
  • Company
    • About Sucuri
    • Contact
    • Blog
    • Referral
    • Testimonials
Sucuri Blog
  • Terms of Use
  • Privacy Policy
  • Do Not Sell My Personal Information
  • Frequently Asked Questions
© 2023 GoDaddy Mediatemple, Inc., d/b/a Sucuri. All rights reserved.

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.