
Stock Ticker Security & Risk Analysis
wordpress.org/plugins/stock-ticker
Easy add customizable moving or static ticker tapes with stock information for custom stock symbols.
Is Stock Ticker Safe to Use in 2026?
Generally Safe
Score 95/100
Stock Ticker has a strong security track record. Known vulnerabilities have been patched promptly.
The 'stock-ticker' v3.26.2 plugin presents a mixed security picture. On one hand, the static analysis shows a good effort in implementing security best practices, with all identified entry points (AJAX handlers, REST API routes, and shortcodes) appearing to have authentication and authorization checks. There are no reported dangerous functions or critical/high severity taint flows, which is positive. However, there are significant areas for concern. The plugin exhibits a moderate number of SQL queries, with nearly half not using prepared statements, creating a potential risk for SQL injection. Furthermore, a substantial portion of output is not properly escaped, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities. The vulnerability history is particularly concerning, with six past medium-severity CVEs, predominantly involving XSS and authorization issues. The fact that the last vulnerability was as recent as March 2026 suggests a recurring pattern of security weaknesses in the plugin's development. While the current version has no unpatched CVEs, the historical trend and code signals about unescaped output and unsanitized paths warrant caution.
Key Concerns
- SQL queries not using prepared statements
- Output escaping is not properly implemented
- Flows with unsanitized paths found
- History of 6 medium severity CVEs
Stock Ticker Security Vulnerabilities
6 total CVEs
- Stock Ticker <= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template
- Stock Ticker <= 3.24.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock_ticker Shortcode
- Stock Ticker <= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
- Stock Ticker <= 3.23.3 - Reflected Cross-Site Scripting in ajax_stockticker_load
- Stock Ticker <= 3.23.2 - Reflected Cross-Site Scripting in ajax_stockticker_symbol_search_test
- Stock Ticker <= 3.23.0 - Missing Authorization via AJAX actions
Stock Ticker Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Stock Ticker Attack Surface
- AJAX Handlers: 6
- Shortcodes: 1
- WordPress Hooks: 10
Stock Ticker Maintenance & Trust
Maintenance Signals
Community Trust
Stock Ticker Alternatives
Stock Market Ticker
stock-market-ticker
Easy to use and versatile stock market ticker, with support of over 65 world exchanges, indices, commodities and currencies.
ForexRateAPI
forexrateapi
Display live or historical foreign exchange (forex) rates in over 150+ currencies
Financial Ratio
financial-ratio
Provides a block for WordPress that displays a financial ratio of a company.
Stock Market Overview
stock-market-overview
At-a-glance display of stock market, with categories for Equities, Indices, Commodities and Currencies. Supports over 65 world exchanges.
Stockdio Historical Chart
stockdio-historical-chart
WordPress plugin and widget for displaying stock market live charts and technical indicators.
Stock Ticker Developer Profile
8 plugins · 108K total installs
How We Detect Stock Ticker
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/stock-ticker/css/stock-ticker.css
- /wp-content/plugins/stock-ticker/js/stock-ticker.js
- stock-ticker/css/stock-ticker.css?ver=
- stock-ticker/js/stock-ticker.js?ver=
HTML / DOM Fingerprints
- wpau-stock-ticker-widget
- <!-- Initialize stock ticker -->
- <!-- Initialize stock ticker widget -->
- data-stockticker-id
- data-stockticker-options
- wpau_stock_ticker_ajax_obj
- [stock_ticker