Klikki Oy

Jun 21, 2016
A WordPress core stored XSS vulnerability found by Klikki was fixed - reported a month ago as a side product of the Uber bug hunt.
Jun 08, 2016
In the news:
Uber Pays Researcher $10,000 for Critical Flaw (SecurityWeek)
Uber Pays Researcher $10k for Login Bypass Exploit (Threatpost)
May 17, 2016
All-in-One Event Calendar by Time.ly stored XSS and SQL injection Read more »
January 19, 2016
Yahoo Mail vulnerability found by Klikki Oy could compromise or infect email accounts. Vulnerability patched earlier this month.
Read more »
July 24, 2015
Another WordPress stored XSS found by Klikki back in November 2014 patched.
Read more »
June 02, 2015
A zero day vulnerability in Unity Web Player.
Read more »  Vulnerability test »
May 04, 2015
In the news:
Just-released WordPress 0day makes it easy to hijack millions of websites (Ars Technica)
Hackers can infiltrate WordPress sites through comments section (The Hill)
WordPress Under Attack As Double Zero-Day Trouble Lands (Forbes)
Millions of Wordpress sites are vulnerable to this major security flaw (Business Insider)
April 26, 2015
WordPress vulnerable to another comment XSS exploit identified by Klikki.
Read more »
April 14, 2015
Adobe released patches for two critical Flash vulnerabilities reported by Klikki: a "double free" bug and unrestricted video/audio recording on the target system.

Read more » Video demo »

April 13, 2015
In the news:
Facebook, Researcher Quarrel Over Bug Reward Eligibility (SecurityWeek)
Apple Fixes Cookie Access Vulnerability in Billions of Safari Devices (Kaspersky Threatpost)
Apple splats Safari flaw affecting a BEELLION iThings (The Register)
Flash Player Bug Allows Video, Audio Recording Without User Content (Softpedia)
April 8, 2015
Safari cross-domain vulnerability found by Klikki affects close to 1 billion mobile and desktop devices (iOS, OS X, Windows). Patches available now. Read more » Vulnerability test »
March 12, 2015
Five vulnerabilties, including a critical SQL injection, in WPML (sitepress-multilingual-cms) WordPress plug-in. Patch available. Updated March 13. Read more »
November 20, 2014
Critical WordPress security vulnerability discovered by Klikki Oy affects tens of millions of web sites:
Press release »  Technical advisory »  Vulnerability test »
Unpublished zero-days
Interested our unpublished zero-days?  Contact us!

Cyber security

Advisory archive

Customer references

  • Danske Bank
  • Balancion

Game development

Kiekko.tk  Socceracy  TyperA