Klikki Oy

Oct 28, 2020
HEY.com stored XSS vulnerability report Read more »
Feb 15, 2019
Third stored XSS vulnerability in Yahoo Mail Read more »
Nov 14, 2017
Formidable Forms various vulnerabilities Read more »
Oct 24, 2017
Klikki Oy finds a vulnerability affecting about 100 million users, $20,000 bug bounty Read more » (in Finnish)
Oct 19, 2017
WP Engine security issues Read more »
Feb 17, 2017
Stored XSS vulnerability in BetterTTV for Twitch.tv Read more »
Dec 12, 2016
In the news:
Hacker Finds a Way to Break Into Any Yahoo Mail Inbox, Gets $10,000 (VICE Motherboard)
Yahoo Mail XSS Bug Worth Another $10K to Researcher (Threatpost)
Dec 08, 2016
Critical security vulnerability in Yahoo Mail fixed Read more »
Nov 23, 2016
PageLines Platform 4 CSRF-RCE vulnerability Read more »
Oct 02, 2016
W3 Total Cache server side request forgery bug reported by Klikki fixed
Read more »
Oct 02, 2016
Uber OneLogin authentication bypass by Klikki was the most viewed vulnerability report of Q2 2016 on HackerOne
Jun 21, 2016
A WordPress core stored XSS vulnerability found by Klikki was fixed - reported a month ago as a side product of the Uber bug hunt.
Jun 08, 2016
In the news:
Uber Pays Researcher $10,000 for Critical Flaw (SecurityWeek)
Uber Pays Researcher $10k for Login Bypass Exploit (Threatpost)
May 17, 2016
All-in-One Event Calendar by Time.ly stored XSS and SQL injection Read more »
January 19, 2016
Yahoo Mail vulnerability found by Klikki Oy could compromise or infect email accounts. Vulnerability patched earlier this month.
Read more »
July 24, 2015
Another WordPress stored XSS found by Klikki back in November 2014 patched.
Read more »
June 02, 2015
A zero day vulnerability in Unity Web Player.
Read more »  Vulnerability test »
May 04, 2015
In the news:
Just-released WordPress 0day makes it easy to hijack millions of websites (Ars Technica)
Hackers can infiltrate WordPress sites through comments section (The Hill)
WordPress Under Attack As Double Zero-Day Trouble Lands (Forbes)
Millions of Wordpress sites are vulnerable to this major security flaw (Business Insider)
April 26, 2015
WordPress vulnerable to another comment XSS exploit identified by Klikki.
Read more »
April 14, 2015
Adobe released patches for two critical Flash vulnerabilities reported by Klikki: a "double free" bug and unrestricted video/audio recording on the target system.

Read more » Video demo »

April 13, 2015
In the news:
Facebook, Researcher Quarrel Over Bug Reward Eligibility (SecurityWeek)
Apple Fixes Cookie Access Vulnerability in Billions of Safari Devices (Kaspersky Threatpost)
Apple splats Safari flaw affecting a BEELLION iThings (The Register)
Flash Player Bug Allows Video, Audio Recording Without User Content (Softpedia)
April 8, 2015
Safari cross-domain vulnerability found by Klikki affects close to 1 billion mobile and desktop devices (iOS, OS X, Windows). Patches available now. Read more » Vulnerability test »
March 12, 2015
Five vulnerabilties, including a critical SQL injection, in WPML (sitepress-multilingual-cms) WordPress plug-in. Patch available. Updated March 13. Read more »
November 20, 2014
Critical WordPress security vulnerability discovered by Klikki Oy affects tens of millions of web sites:
Press release »  Technical advisory »  Vulnerability test »

Cyber security

Advisory archive

Customer references

  • Danske Bank
  • Balancion

Game development

Kiekko.tk  TyperA