Vulnerabilities and security researches foroik oik

Dec 11, 2025

CVE, Research URL: CVE-2025-67549
Home page URL: Security reports for oik
Application: oik
Date: Dec 09, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through <= 4.15.3.
Affected versions: max 4.15.3.
Status: vulnerable

Aug 20, 2025

CVE, Research URL: CVE-2025-54670
Home page URL: Security reports for oik
Application: oik
Date: Aug 20, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik allows Reflected XSS. This issue affects oik: from n/a through 4.15.2.
Affected versions: max 4.15.3.
Status: vulnerable

Aug 06, 2025

CVE, Research URL: CVE-2025-54671
Home page URL: Security reports for oik
Application: oik
Date: Aug 14, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik allows Cross Site Request Forgery. This issue affects oik: from n/a through 4.15.2.
Affected versions: max 4.15.3.
Status: vulnerable

Jun 15, 2025

CVE, Research URL: CVE-2025-49241
Home page URL: Security reports for oik
Application: oik
Date: Jun 06, 2025
Research Description: Missing Authorization vulnerability in bobbingwide oik allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects oik: from n/a through 4.15.1.
Affected versions: max 4.15.2.
Status: vulnerable

Aug 20, 2024

CVE, Research URL: CVE-2024-43356
Home page URL: Security reports for oik
Application: oik
Date: Aug 27, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide.This issue affects oik: from n/a through 4.12.0.
Affected versions: max 4.12.1.
Status: vulnerable

Jul 10, 2024

CVE, Research URL: CVE-2024-6391
Home page URL: Security reports for oik
Application: oik
Date: Jul 09, 2024
Research Description: The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bw_button shortcode in all versions up to, and including, 4.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 4.12.0.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2024-2256
Home page URL: Security reports for oik
Application: oik
Date: Mar 15, 2024
Research Description: The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes such as bw_contact_button and bw_button shortcodes in all versions up to, and including, 4.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 4.10.2.
Status: vulnerable