Marc-Alexandre Montpas

50 posts

Marc-Alexandre Montpas is Sucuri’s Senior Security Analyst who joined the company in 2014. Marc’s main responsibilities include reversing security patches and scavenging vulnerabilities, old and new. His professional experience covers eight years of finding bugs in open-source software. When Marc isn’t breaking things, you might find him participating in a hacking CTF competition. Connect with him on Twitter.

Security Advisory: Stored XSS in Jetpack

Marc-Alexandre Montpas
May 27, 2016

During regular research audits for our Sucuri Firewall (Cloud WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more…

Read the Post

Security Advisory: Stored XSS in bbPress

Marc-Alexandre Montpas
May 3, 2016

During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress which is currently installed on…

Read the Post

Security Advisory: Stored XSS in Magento

Marc-Alexandre Montpas
January 22, 2016

During our regular research audits for our Cloud-based WAF, we discovered a Stored XSS vulnerability affecting the Magento platform that can be easily exploited remotely.…

Read the Post

Vulnerability Details: Joomla! Remote Code Execution

Marc-Alexandre Montpas
December 15, 2015

The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious and easy to exploit remote code execution vulnerability that affected…

Read the Post

Security Advisory: Stored XSS in Akismet WordPress Plugin

Marc-Alexandre Montpas
October 14, 2015

During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs.

Read the Post

Security Advisory: Stored XSS in Jetpack

Marc-Alexandre Montpas
October 1, 2015

During a routine audit for our WAF, we discovered a critical stored XSS affecting the Jetpack WordPress plugin, one of the most popular plugins in…

Read the Post

Persistent XSS Vulnerability in WordPress Explained

Marc-Alexandre Montpas
August 11, 2015

Last week the WordPress team released a patch that fixed 6 security vulnerabilities. Of the six, you’ll find one that we identified a few months…

Read the Post

Security Advisory: Object Injection Vulnerability in WooCommerce

Marc-Alexandre Montpas
June 10, 2015

During a routine audit for our WAF, we discovered a dangerous Object Injection vulnerability in WooCommerce which could, in certain contexts, be used by an…

Read the Post

Critical Persistent XSS 0day in WordPress

Marc-Alexandre Montpas
April 27, 2015

*Update 2015-04-27*: A patch has been released and made available by the WordPress Core Team in version 4.2.1 – Please update immediately. Yes, you’ve read…

Read the Post

Security Advisory: Persistent XSS in WP-Super-Cache

Marc-Alexandre Montpas
April 7, 2015

During a routine audit for our Website Firewall (WAF), we discovered a dangerous persistent XSS vulnerability affecting the very popular WP-Super-Cache plugin (more than a…

Read the Post