Oikko – All-in-One Team Management Security & Risk Analysis

wordpress.org/plugins/oikko-team-management

Manage your team with chat, time tracking, HR tools, documents, and more.

0 active installs · v1.1.0 · PHP 7.4+ · WP 6.2+ · Updated: Unknown
Tags: attendance, chat, documents, employee-management, team-management
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Oikko – All-in-One Team Management Safe to Use in 2026?

Generally Safe

Score 100/100

Oikko – All-in-One Team Management has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "oikko-team-management" plugin v1.1.0 exhibits a generally strong security posture, as indicated by its lack of known vulnerabilities and responsible coding practices. The plugin uses prepared statements for all SQL queries and properly escapes a high percentage of its output, which significantly mitigates the risks of SQL injection and cross-site scripting (XSS), respectively. The presence of nonces and capability checks on most entry points further reinforces its security. However, a notable concern is the presence of 3 AJAX handlers that lack authentication checks. This creates a direct attack vector through which unauthenticated users could interact with sensitive functionality within the plugin, leading to unexpected behavior or information disclosure.

The absence of any recorded vulnerabilities in its history suggests a commitment to security by the developers. The taint analysis shows no concerning flows, and dangerous functions are not utilized. While the plugin boasts a large number of entry points (48 AJAX handlers), the majority are protected. The few unprotected AJAX handlers represent the most significant immediate risk identified in this analysis. Overall, the plugin is well-developed from a security perspective, but these unauthenticated AJAX endpoints require immediate attention to achieve a truly robust security profile.

Key Concerns

  • AJAX handlers without authentication checks
  • High percentage of AJAX handlers
Vulnerabilities
None known

Oikko – All-in-One Team Management Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Oikko – All-in-One Team Management Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (130 prepared)
Unescaped Output: 125 (399 escaped)
Nonce Checks: 47
Capability Checks: 51
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 130 total queries

Output Escaping

76% escaped · 524 total outputs
Data Flows
All sanitized

Data Flow Analysis

25 flows
oikkotm_get_user_attendance (includes\class-oikkotm-attendance.php:259)
[Data flow diagram. Legend: source (user input), sink (dangerous op), sanitizer, transform, unsanitized, sanitized]
Attack Surface
3 unprotected

Oikko – All-in-One Team Management Attack Surface

Entry Points: 49
Unprotected: 3

AJAX Handlers 48

auth · wp_ajax_oikkotm_clock_in · includes\class-oikkotm-attendance.php:27
auth · wp_ajax_oikkotm_clock_out · includes\class-oikkotm-attendance.php:28
auth · wp_ajax_oikkotm_get_clock_in_time · includes\class-oikkotm-attendance.php:29
auth · wp_ajax_oikkotm_get_user_attendance · includes\class-oikkotm-attendance.php:30
auth · wp_ajax_oikkotm_get_location_by_latlng · includes\class-oikkotm-attendance.php:32
auth · wp_ajax_oikkotm_check_clock_in_status · includes\class-oikkotm-attendance.php:33
auth · wp_ajax_oikkotm_get_attendance_users_list · includes\class-oikkotm-attendance.php:34
auth · wp_ajax_oikkotm_react_to_message · includes\class-oikkotm-chat-actions.php:27
auth · wp_ajax_oikkotm_get_emoji_users · includes\class-oikkotm-chat-actions.php:28
auth · wp_ajax_oikkotm_get_channel_n_user_list · includes\class-oikkotm-chat-actions.php:29
auth · wp_ajax_oikkotm_forward_message · includes\class-oikkotm-chat-actions.php:30
auth · wp_ajax_oikkotm_delete_message · includes\class-oikkotm-chat-actions.php:31
auth · wp_ajax_oikkotm_load_message_header · includes\class-oikkotm-chat-actions.php:32
auth · wp_ajax_oikkotm_refresh_message_reactions · includes\class-oikkotm-chat-actions.php:33
auth · wp_ajax_oikkotm_send_message · includes\class-oikkotm-chat.php:28
auth · wp_ajax_oikkotm_load_messages · includes\class-oikkotm-chat.php:29
auth · wp_ajax_oikkotm_count_unseen_messages · includes\class-oikkotm-chat.php:32
auth · wp_ajax_oikkotm_load_new_messages · includes\class-oikkotm-chat.php:33
auth · wp_ajax_oikkotm_get_username_by_id · includes\class-oikkotm-chat.php:34
auth · wp_ajax_oikkotm_handle_file_upload · includes\class-oikkotm-chat.php:35
auth · wp_ajax_oikkotm_create_department · includes\class-oikkotm-departments.php:29
auth · wp_ajax_oikkotm_get_departments · includes\class-oikkotm-departments.php:30
auth · wp_ajax_oikkotm_delete_department · includes\class-oikkotm-departments.php:31
auth · wp_ajax_oikkotm_get_department_data · includes\class-oikkotm-departments.php:32
auth · wp_ajax_oikkotm_update_department · includes\class-oikkotm-departments.php:33
auth · wp_ajax_oikkotm_create_designation · includes\class-oikkotm-designations.php:27
auth · wp_ajax_oikkotm_get_designations · includes\class-oikkotm-designations.php:28
auth · wp_ajax_oikkotm_delete_designation · includes\class-oikkotm-designations.php:29
auth · wp_ajax_oikkotm_get_designation_data · includes\class-oikkotm-designations.php:30
auth · wp_ajax_oikkotm_update_designation · includes\class-oikkotm-designations.php:31
auth · wp_ajax_oikkotm_update_last_seen_message · includes\class-oikkotm-lastseen.php:26
auth · wp_ajax_oikkotm_create_shift · includes\class-oikkotm-shifts.php:27
auth · wp_ajax_oikkotm_get_shifts · includes\class-oikkotm-shifts.php:28
auth · wp_ajax_oikkotm_delete_shift · includes\class-oikkotm-shifts.php:29
auth · wp_ajax_oikkotm_get_shift_data · includes\class-oikkotm-shifts.php:30
auth · wp_ajax_oikkotm_update_shift · includes\class-oikkotm-shifts.php:31
auth · wp_ajax_oikkotm_convert_world_time · includes\class-oikkotm-timeconverter.php:30
auth · wp_ajax_oikkotm_update_user_profile · includes\class-oikkotm-users.php:29
auth · wp_ajax_oikkotm_upload_user_document · includes\class-oikkotm-users.php:30
auth · wp_ajax_oikkotm_get_user_documents · includes\class-oikkotm-users.php:31
auth · wp_ajax_oikkotm_delete_user_document · includes\class-oikkotm-users.php:32
auth · wp_ajax_oikkotm_approve_user_document · includes\class-oikkotm-users.php:33
auth · wp_ajax_oikkotm_get_admin_user_documents · includes\class-oikkotm-users.php:34
auth · wp_ajax_oikkotm_create_new_user · includes\class-oikkotm-users.php:35
auth · wp_ajax_oikkotm_delete_user · includes\class-oikkotm-users.php:36
auth · wp_ajax_oikkotm_get_users_list · includes\class-oikkotm-users.php:37
auth · wp_ajax_oikkotm_get_user_details · includes\class-oikkotm-users.php:38
auth · wp_ajax_oikkotm_update_user · includes\class-oikkotm-users.php:39

Shortcodes 1

[oikkotm_dashboard] includes\class-oikkotm-chat.php:30
WordPress Hooks 14
action · admin_menu · includes\class-oikkotm-admin.php:29
action · admin_init · includes\class-oikkotm-admin.php:30
action · init · includes\class-oikkotm-admin.php:31
action · init · includes\class-oikkotm-admin.php:32
action · oikkotm_auto_clock_out_user · includes\class-oikkotm-attendance.php:31
action · oikkotm_dashboard_wrapper_footer · includes\class-oikkotm-chat.php:31
action · wp_enqueue_scripts · includes\class-oikkotm-enqueue.php:26
action · admin_enqueue_scripts · includes\class-oikkotm-enqueue.php:27
action · login_enqueue_scripts · includes\class-oikkotm-login.php:28
action · template_redirect · includes\class-oikkotm-login.php:29
action · update_option_oikkotm_general_settings · includes\oikkotm-helper-functions.php:287
filter · display_post_states · includes\oikkotm-helper-functions.php:311
filter · show_admin_bar · includes\oikkotm-helper-functions.php:325
filter · template_include · includes\oikkotm-helper-functions.php:337

Scheduled Events 1

auto_clock_out_user
Maintenance & Trust

Oikko – All-in-One Team Management Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.4
Downloads: 161

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Oikko – All-in-One Team Management Developer Profile

WP Plugin Studio

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Oikko – All-in-One Team Management

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/oikko-team-management/assets/css/styles.css
/wp-content/plugins/oikko-team-management/assets/css/bootstrap.min.css
/wp-content/plugins/oikko-team-management/assets/css/bootstrap-icons.min.css
/wp-content/plugins/oikko-team-management/assets/css/dashboard.css
/wp-content/plugins/oikko-team-management/assets/css/dashboard-style-preset.css
/wp-content/plugins/oikko-team-management/assets/css/fonts/opensans.css
/wp-content/plugins/oikko-team-management/assets/js/chat.js
/wp-content/plugins/oikko-team-management/assets/js/attendance.js
+14 more
Script Paths
/wp-content/plugins/oikko-team-management/assets/js/chat.js
/wp-content/plugins/oikko-team-management/assets/js/attendance.js
/wp-content/plugins/oikko-team-management/assets/js/popper.min.js
/wp-content/plugins/oikko-team-management/assets/js/bootstrap.bundle.min.js
/wp-content/plugins/oikko-team-management/assets/js/pcoded.js
/wp-content/plugins/oikko-team-management/assets/js/feather.min.js
+10 more
Version Parameters
oikko-team-management/assets/css/styles.css?ver=
oikko-team-management/assets/css/bootstrap.min.css?ver=
oikko-team-management/assets/css/bootstrap-icons.min.css?ver=
oikko-team-management/assets/css/dashboard.css?ver=
oikko-team-management/assets/css/dashboard-style-preset.css?ver=
oikko-team-management/assets/css/fonts/opensans.css?ver=
oikko-team-management/assets/js/chat.js?ver=
oikko-team-management/assets/js/attendance.js?ver=
oikko-team-management/assets/js/popper.min.js?ver=
oikko-team-management/assets/js/bootstrap.bundle.min.js?ver=
oikko-team-management/assets/js/pcoded.js?ver=
oikko-team-management/assets/js/feather.min.js?ver=
oikko-team-management/assets/js/simplebar.min.js?ver=
oikko-team-management/assets/js/sweetalert2.js?ver=
oikko-team-management/assets/js/tooltip.js?ver=
oikko-team-management/assets/js/profile-edit.js?ver=
oikko-team-management/assets/js/documents.js?ver=
oikko-team-management/assets/js/users.js?ver=
oikko-team-management/assets/js/time-converter.js?ver=
oikko-team-management/assets/js/departments.js?ver=
oikko-team-management/assets/js/designations.js?ver=
oikko-team-management/assets/js/shifts.js?ver=

HTML / DOM Fingerprints

CSS Classes
oikkotm-dashboard
JS Globals
oikkotm_ajax