Klikki Oy

WordPress core stored XSS

Overview: A stored XSS vulnerability in WordPress allows a user with the posting capability to compromise the website. Under default configuration, the

July 24, 2015 | February 3, 2023 | klikki
security bug bounty, wordpress

Unity Web Player cross domain policy bypass

Update 05 June, 2015: added some details and an online vulnerability test. If the app is loaded from a URL containing the user:password

June 2, 2015 | February 3, 2023 | klikki
security

Media reports of the WordPress vulnerability found by Klikki

Just-released WordPress 0day makes it easy to hijack millions of websites (Ars Technica); Hackers can infiltrate WordPress sites through comments section (The Hill); WordPress Under Attack

May 4, 2015 | February 3, 2023 | klikki
media, security

WordPress 4.2 core stored XSS

Overview: Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script

April 26, 2015 | February 3, 2023 | klikki
security wordpress

Google Analytics by Yoast stored XSS #2

Overview: Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress

April 20, 2015 | February 3, 2023 | klikki
security bug bounty, wordpress

Adobe Flash double free and cross domain bypass

Adobe security update APSB15-06 addresses a “double free” vulnerability in the Flash Player Settings Manager. It’s a standalone program that can be launched programmatically

April 15, 2015 | February 3, 2023 | klikki
security bug bounty

Media coverage of Klikki’s vulnerability findings – Apple, Facebook, Adobe Flash

Facebook, Researcher Quarrel Over Bug Reward Eligibility (SecurityWeek); Apple Fixes Cookie Access Vulnerability in Billions of Safari Devices (Kaspersky Threatpost); Apple splats Safari flaw affecting a

April 13, 2015 | February 3, 2023 | klikki
media, security

Safari iOS/OSX/Windows cookie vulnerability

Overview: The 4/8/2015 security updates from Apple included a patch for a Safari cross-domain vulnerability. An attacker could create web content which,

April 12, 2015 | February 3, 2023 | klikki
security

Google Analytics by Yoast stored XSS

Updated March 20: added some technical details and YouTube demo. Overview: Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With

March 19, 2015 | February 3, 2023 | klikki
security wordpress

WPML vulnerabilities

Update March 13: Added vulnerability #4, unauthenticated administrative functions. Update April 12: Added vulnerability #5, reflected XSS via HTTP referer. March 19: See also Google Analytics

March 12, 2015 | February 3, 2023 | klikki
security bug bounty, wordpress
