Marc-Alexandre Montpas

50 posts

Marc-Alexandre Montpas is Sucuri’s Senior Security Analyst who joined the company in 2014. Marc’s main responsibilities include reversing security patches and scavenging vulnerabilities, old and new. His professional experience covers eight years of finding bugs in open-source software. When Marc isn’t breaking things, you might find him participating in a hacking CTF competition. Connect with him on Twitter.

Analysis of the Fancybox-For-WordPress Vulnerability

Marc-Alexandre Montpas
February 16, 2015

We were alerted last week of a malware outbreak affecting WordPress sites using version 3.0.2 and lower of the fancybox-for-wordpress plugin. As announced, here are some of the…

Read the Post

Advisory – Dangerous “nonce” Leak in UpdraftPlus

Marc-Alexandre Montpas
February 3, 2015

If you’re a user of the UpdraftPlus plugin for WordPress, now is the time to update. During a routine audit of our Website Firewall (WAF),…

Read the Post

Critical “GHOST” Vulnerability Released

Marc-Alexandre Montpas
January 28, 2015

A very critical vulnerability affecting the GNU C Library (glibc) is threatening Linux servers for a remote command execution. This security bug was discovered by Qualys security…

Read the Post

Security Advisory – Vulnerabilities in Pagelines for WordPress

Marc-Alexandre Montpas
January 21, 2015

Users of both the Pagelines and Platform themes should update as soon as possible. During a routine audit for our WAF, we found two dangerous issues: A…

Read the Post

vBSEO’s Vulnerability Leads to Remote Code Execution

Marc-Alexandre Montpas
January 13, 2015

We were notified last week that the vBulletin team sent an email to all their clients about a potential security vulnerability in vBSEO. After further…

Read the Post

Critical Vulnerability Affecting HD FLV Player

Marc-Alexandre Montpas
December 10, 2014

We’ve been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla, WordPress and custom websites. It was silently patched on Joomla…

Read the Post

Security Advisory – High Severity – InfiniteWP Client WordPress plugin

Marc-Alexandre Montpas
December 2, 2014

If you’re using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of…

Read the Post

Security Advisory – High severity – WP-Statistics WordPress Plugin

Marc-Alexandre Montpas
November 20, 2014

If you’re using the WP-Statistics WordPress plugin on your website, now is the time to update. While doing a routine audit for our Website Firewall…

Read the Post

Deep Dive into the HikaShop Vulnerability

Marc-Alexandre Montpas
November 17, 2014

It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker…

Read the Post

The Details Behind the Akeeba Backup Vulnerability

Marc-Alexandre Montpas
October 22, 2014

It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download backups…

Read the Post

Security Advisory – Hikashop Extension for Joomla!

Marc-Alexandre Montpas
September 24, 2014

In a routine audit of our Website Firewall we discovered a serious vulnerability within the Hikashop ecommerce product for Joomla! allowing remote code execution on…

Read the Post