Sucuri Blog
  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Multi-Site plans
    • Custom & Enterprise Plans
    • Partnerships
  • Features
    • Detection
      Website Monitoring & Alerts
    • Protection
      Future Website Hacks
    • Performance
      Speed Up Your Website
    • Response
      Help For Hacked Websites
    • Backups
      Disaster Recovery Plan
  • Resources
    • Guides
    • Webinars
    • Infographics
    • Blog
    • SiteCheck
    • Reports
    • Email Courses
  • Pricing
  • Immediate Help
  • Login
Sucuri Blog
  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Multi-Site plans
    • Custom & Enterprise Plans
    • Partnerships
  • Features
    • Detection
      Website Monitoring & Alerts
    • Protection
      Future Website Hacks
    • Performance
      Speed Up Your Website
    • Response
      Help For Hacked Websites
    • Backups
      Disaster Recovery Plan
  • Resources
    • Guides
    • Webinars
    • Infographics
    • Blog
    • SiteCheck
    • Reports
    • Email Courses
  • Pricing
  • Immediate Help
  • Login
  • Immediate Help
Login
Login

New Customer?

Sign up now.
  • Submit a ticket
  • Knowledge base
  • Chat now

Marc-Alexandre Montpas

50 posts
Marc-Alexandre Montpas is Sucuri’s Senior Security Analyst who joined the company in 2014. Marc’s main responsibilities include reversing security patches and scavenging vulnerabilities, old and new. His professional experience covers eight years of finding bugs in open-source software. When Marc isn’t breaking things, you might find him participating in a hacking CTF competition. Connect with him on Twitter.

Analysis of the Fancybox-For-WordPress Vulnerability

  • Marc-Alexandre Montpas
  • February 16, 2015
We were alerted last week of a malware outbreak affecting WordPress sites using version 3.0.2 and lower of the fancybox-for-wordpress plugin. As announced, here are some of the…
Read the Post
  • Security Advisory
  • Vulnerability Disclosure
  • WordPress Security

Advisory – Dangerous “nonce” Leak in UpdraftPlus

  • Marc-Alexandre Montpas
  • February 3, 2015
If you’re a user of the UpdraftPlus plugin for WordPress, now is the time to update. During a routine audit of our Website Firewall (WAF),…
Read the Post

Critical “GHOST” Vulnerability Released

  • Marc-Alexandre Montpas
  • January 28, 2015
A very critical vulnerability affecting the GNU C Library (glibc) is threatening Linux servers for a remote command execution. This security bug was discovered by Qualys security…
Read the Post
  • Vulnerability Disclosure
  • WordPress Security

Security Advisory – Vulnerabilities in Pagelines for WordPress

  • Marc-Alexandre Montpas
  • January 21, 2015
Users of both the Pagelines and Platform themes should update as soon as possible. During a routine audit for our WAF, we found two dangerous issues: A…
Read the Post

vBSEO’s Vulnerability Leads to Remote Code Execution

  • Marc-Alexandre Montpas
  • January 13, 2015
We were notified last week that the vBulletin team sent an email to all their clients about a potential security vulnerability in vBSEO. After further…
Read the Post

Critical Vulnerability Affecting HD FLV Player

  • Marc-Alexandre Montpas
  • December 10, 2014
We’ve been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla, WordPress and custom websites. It was silently patched on Joomla…
Read the Post
  • Security Advisory
  • Vulnerability Disclosure
  • WordPress Security

Security Advisory – High Severity – InfiniteWP Client WordPress plugin

  • Marc-Alexandre Montpas
  • December 2, 2014
If you’re using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of…
Read the Post
  • Security Advisory
  • Security Education
  • Vulnerability Disclosure
  • WordPress Security

Security Advisory – High severity – WP-Statistics WordPress Plugin

  • Marc-Alexandre Montpas
  • November 20, 2014
If you’re using the WP-Statistics WordPress plugin on your website, now is the time to update. While doing a routine audit for our Website Firewall…
Read the Post

Deep Dive into the HikaShop Vulnerability

  • Marc-Alexandre Montpas
  • November 17, 2014
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker…
Read the Post

The Details Behind the Akeeba Backup Vulnerability

  • Marc-Alexandre Montpas
  • October 22, 2014
It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download backups…
Read the Post
  • Ecommerce Security
  • Joomla Security
  • Security Advisory
  • Vulnerability Disclosure
  • Website Security

Security Advisory – Hikashop Extension for Joomla!

  • Marc-Alexandre Montpas
  • September 24, 2014
In a routine audit of our Website Firewall we discovered a serious vulnerability within the Hikashop ecommerce product for Joomla! allowing remote code execution on…
Read the Post
Search
Sucuri Sidebar Malware Removal to Signup Page
Sucuri Logo

Let’s Connect

Products
Website Firewall Website Security Platform WordPress Security Website Backups Hack Assistance Pricing
Solutions
DDoS Protection Malware Detection Malware Removal Malware Prevention Blacklist Removal SEO Spam Removal
USE CASES
Developers Ecommerce Agency Plans Enterprise Services HTTPS/2 Virtual Patching
Support
Knowledge Base SiteCheck Guides Research Labs Report Abuse Status Report
Company
About Sucuri Contact Blog Referral Partners Testimonials
Terms of Use Privacy Policy Do Not Sell My Personal Information Frequently Asked Questions

© 2025 GoDaddy Mediatemple, Inc., d/b/a Sucuri. All rights reserved.

back to top

'