Stock Quotes List Security & Risk Analysis

wordpress.org/plugins/stock-quotes-list

WordPress plugin and widget for displaying a list of stock market prices and their variations.

600 active installs · v2.9.22 · PHP + WP 3.1+ · Updated Apr 5, 2026
Tags: chart, finance, graph, stocks, ticker
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 4, 2023
Safety Verdict

Is Stock Quotes List Safe to Use in 2026?

Generally Safe

Score 100/100

Stock Quotes List has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Sep 4, 2023 · Updated 1mo ago
Risk Assessment

The 'stock-quotes-list' v2.9.22 plugin exhibits a generally good security posture with several strong practices in place. Notably, it avoids dangerous functions, utilizes prepared statements for all SQL queries, and has a limited attack surface with no unprotected AJAX handlers or REST API routes. The presence of capability checks is also a positive indicator of security awareness.

However, the analysis does reveal some areas for concern. A significant portion of output is not properly escaped, which could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled with sufficient care before being displayed. Furthermore, the absence of nonce checks on any entry points, including the single shortcode, leaves it open to potential cross-site request forgery (CSRF) attacks.

The vulnerability history shows a past medium-severity XSS vulnerability, which, despite being patched, highlights the potential for such issues within the plugin's codebase. While the current version has no unpatched vulnerabilities, the past incident combined with the unescaped output and lack of nonce checks suggests a need for ongoing vigilance and improvement.

Key Concerns

  • Significant portion of output not properly escaped
  • No nonce checks found
  • Past medium severity XSS vulnerability
Vulnerabilities
1 published

Stock Quotes List Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-41666 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stock Quotes List <= 2.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 4, 2023 · Patched in 2.9.12 (186d)
Version History

Stock Quotes List Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Stock Quotes List Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 29 (97 escaped)
  • Nonce Checks: 0
  • Capability Checks: 4
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

77% escaped · 126 total outputs
Attack Surface

Stock Quotes List Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[stock-quotes-list] stockdio_quotes_stockdioplugin.php:1207
WordPress Hooks 16

  • action · enqueue_block_assets · src/init.php:34
  • action · enqueue_block_editor_assets · src/init.php:116
  • filter · block_categories · src/init.php:119
  • action · init · src/init.php:152
  • action · admin_menu · stockdio_quotes_stockdioplugin.php:60
  • action · admin_init · stockdio_quotes_stockdioplugin.php:61
  • action · admin_notices · stockdio_quotes_stockdioplugin.php:62
  • action · admin_enqueue_scripts · stockdio_quotes_stockdioplugin.php:65
  • filter · mce_external_plugins · stockdio_quotes_stockdioplugin.php:216
  • filter · mce_buttons · stockdio_quotes_stockdioplugin.php:217
  • action · wp_print_scripts · stockdio_quotes_stockdioplugin.php:1204
  • action · wp_head · stockdio_quotes_stockdioplugin.php:1220
  • filter · mce_buttons · stockdio_quotes_stockdioplugin.php:1557
  • filter · mce_external_plugins · stockdio_quotes_stockdioplugin.php:1563
  • action · admin_print_styles · stockdio_quotes_widget.php:281
  • action · widgets_init · stockdio_quotes_widget.php:293
Maintenance & Trust

Stock Quotes List Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 5, 2026
PHP min version
Downloads: 39K

Community Trust

Rating: 88/100
Number of ratings: 7
Active installs: 600
Developer Profile

Stock Quotes List Developer Profile

Stockdio

6 plugins · 7K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 459 days
Detection Fingerprints

How We Detect Stock Quotes List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/stock-quotes-list/assets/stockdio-wp.css
  • /wp-content/plugins/stock-quotes-list/assets/stockdio-tinymce-button.css
  • /wp-content/plugins/stock-quotes-list/assets/Sortable.min.js
  • /wp-content/plugins/stock-quotes-list/assets/stockdio-wp.js
  • /wp-content/plugins/stock-quotes-list/assets/stockdio_search.css
  • /wp-content/plugins/stock-quotes-list/assets/stockdio_search.js
Script Paths
  • assets/Sortable.min.js
  • assets/stockdio-wp.js
  • assets/stockdio_search.js
Version Parameters
  • stock-quotes-list/assets/stockdio-wp.css?ver=
  • stock-quotes-list/assets/stockdio-tinymce-button.css?ver=
  • stock-quotes-list/assets/Sortable.min.js?ver=
  • stock-quotes-list/assets/stockdio-wp.js?ver=
  • stock-quotes-list/assets/stockdio_search.css?ver=
  • stock-quotes-list/assets/stockdio_search.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • stockdio_register_mode
  • stockdio_quotes_board_form
Data Attributes
  • window.stockdio_quotes_root_folder
  • window.stockdio_quotes_board_settings
  • window.stockdio_quotes_board
JS Globals
  • stockdio_quotes_root_folder
  • stockdio_quotes_board_settings
  • stockdio_quotes_board
FAQ

Frequently Asked Questions about Stock Quotes List