Sucuri Blog

Website Security News

Marc-Alexandre Montpas - Sucuri Security Researcher

About Marc-Alexandre Montpas

Marc's passion for code and IT security has no limit. You'll generally find him competing in Capture-the-Flag (CTF) competitions or searching for security vulnerabilities in widespread products for the fun of it. He's also a great fan of heavy metal music. Follow him on Twitter at @marcs0h.

Formidable Forms & Shortcodes Exploits

November 24, 2017 - Marc-Alexandre Montpas

Formidable Forms / Shortcodes Ultimate Exploits In The Wild

On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Forms plugins are used together on a single WordPress installation. Over the past couple of weeks, we’ve noticed a large influx in the…

WordPress Vulnerability Disclosure

November 13, 2017 - Marc-Alexandre Montpas

SQL Injection in bbPress

During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met,…

May 17, 2017 - Marc-Alexandre Montpas

SQL Injection Vulnerability in Joomla! 3.7

During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7 – CVE-2017-8917. The vulnerability is easy to exploit and doesn’t require a privileged account…

WordPress Vulnerability Disclosure

March 13, 2017 - Marc-Alexandre Montpas

Stored XSS in WordPress Core

As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites. While our original disclosure only described one vulnerability, we actually reported…

WordPress Vulnerability Disclosure

February 1, 2017 - Marc-Alexandre Montpas

Content Injection Vulnerability in WordPress

As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on WordPress, we discovered…

October 26, 2016 - Marc-Alexandre Montpas

Details on the Privilege Escalation Vulnerability in Joomla

Yesterday, Joomla! 3.6.4 was released, patching a critical privilege escalation and arbitrary account creation vulnerability. As we’ve seen some exploit attempts occurring in the wild, we feel it is a…

WordPress Vulnerability Disclosure

August 16, 2016 - Marc-Alexandre Montpas

SQL Injection Vulnerability in Ninja Forms

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, currently installed on 600,000+ websites. Vulnerability…

May 27, 2016 - Marc-Alexandre Montpas

Security Advisory: Stored XSS in Jetpack

During regular research audits for our Sucuri Firewall (Cloud WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more than a million WordPress sites….

May 3, 2016 - Marc-Alexandre Montpas

Security Advisory: Stored XSS in bbPress

During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress which is currently installed on 300,000 live websites – one…

January 22, 2016 - Marc-Alexandre Montpas

Security Advisory: Stored XSS in Magento

During our regular research audits for our Cloud-based WAF, we discovered a Stored XSS vulnerability affecting the Magento platform that can be easily exploited remotely. We notified the Magento team…

December 15, 2015 - Marc-Alexandre Montpas

Vulnerability Details: Joomla! Remote Code Execution

The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious and easy to exploit remote code execution vulnerability that affected pretty much all versions of…

© 2018 Sucuri Inc. All rights reserved