Klikki Oy -

Klikki Oy

July 24, 2015

Another WordPress stored XSS found by Klikki back in November 2014 patched.
Read more »

June 02, 2015

A zero day vulnerability in Unity Web Player.
Read more » Vulnerability test »

May 04, 2015

In the news:
Just-released WordPress 0day makes it easy to hijack millions of websites (Ars Technica)
Hackers can infiltrate WordPress sites through comments section (The Hill)
WordPress Under Attack As Double Zero-Day Trouble Lands (Forbes)
Millions of Wordpress sites are vulnerable to this major security flaw (Business Insider)

April 26, 2015

WordPress vulnerable to another comment XSS exploit identified by Klikki.
Read more »

April 20, 2015

Another vulnerability, admin panel stored XSS in Yoast's Google Analytics plug-in identified by Klikki, leading to server-side code execution, affects millions of WordPress sites.
Read more »

April 14, 2015

Adobe released patches for two critical Flash vulnerabilities reported by Klikki: a "double free" bug and unrestricted video/audio recording on the target system.

Read more » Video demo »

April 13, 2015

In the news:
Facebook, Researcher Quarrel Over Bug Reward Eligibility (SecurityWeek)
Apple Fixes Cookie Access Vulnerability in Billions of Safari Devices (Kaspersky Threatpost)
Apple splats Safari flaw affecting a BEELLION iThings (The Register)
Flash Player Bug Allows Video, Audio Recording Without User Content (Softpedia)

April 8, 2015

Safari cross-domain vulnerability found by Klikki affects close to 1 billion mobile and desktop devices (iOS, OS X, Windows). Patches available now. Read more » Vulnerability test »

March 19, 2015

A stored XSS vulnerability in Google Analytics by Yoast can lead to code execution by unauthenticated users, affecting millions of WordPress sites. Read more »

March 12, 2015

Five vulnerabilties, including a critical SQL injection, in WPML (sitepress-multilingual-cms) WordPress plug-in. Patch available. Updated March 13. Read more »

January 31, 2015

Another 0-day to be released soon: WordPress 3.0 - 4.1.1 core stored XSS, vendor notified on November 7. Same impact as the previous but more restricted attack vector.

January 6, 2015

Klikki's pioneering typing test site TyperA goes viral after stories on Huffington Post, MTV, Cosmopolitan, etc.

December 1, 2014

WordPress core XSS proof of concept exploit published. Read more »

November 20, 2014

Critical WordPress security vulnerability discovered by Klikki Oy affects tens of millions of web sites:
Press release » Technical advisory » Vulnerability test »

Unpublished zero-days

Interested our unpublished zero-days? Contact us!

Cyber security

Advisory archive

Customer references

Danske Bank
Balancion

Game development

Hockey.tk Socceracy TyperA