Marc-Alexandre Montpas

50 posts

Marc-Alexandre Montpas is Sucuri’s Senior Security Analyst who joined the company in 2014. Marc’s main responsibilities include reversing security patches and scavenging vulnerabilities, old and new. His professional experience covers eight years of finding bugs in open-source software. When Marc isn’t breaking things, you might find him participating in a hacking CTF competition. Connect with him on Twitter.

Security Advisory – VirtueMart Extension for Joomla!

Marc-Alexandre Montpas
September 10, 2014

If you’re using the popular VirtueMart Joomla! extension (more than 3,500,000 downloads), you should update right away. During a routine audit for our Website Firewall (WAF)…

Read the Post

Security Advisory – Akeeba Backup for Joomla!

Marc-Alexandre Montpas
August 21, 2014

We have also released a more recent post exploring this vulnerability further: The Details Behind the Akeeba Backup Vulnerability If you’re a user of the…

Read the Post

Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin

Marc-Alexandre Montpas
August 7, 2014

If you’re a using the Custom Contact Forms WordPress plugin, you need to update it right away. During a routine audit for our WAF, we…

Read the Post

Disclosure: Insecure Nonce Generation in WPtouch

Marc-Alexandre Montpas
July 14, 2014

If you use the popular WPtouch plugin (5M+ downloads) on your WordPress website, you should update it immediately. During a routine audit for our WAF,…

Read the Post

Disclosure: Remote Code Execution Vuln in Disqus

Marc-Alexandre Montpas
June 20, 2014

We recently found a security vulnerability in the Disqus Comment System plugin for WordPress. It could, under very specific conditions, allow an attacker to perform…

Read the Post

Vulnerability found in the All in One SEO Pack WordPress Plugin

Marc-Alexandre Montpas
May 31, 2014

The team behind the All in One SEO Pack just released a new version of their popular WordPress plugin. It is a security release patching…

Read the Post