[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7m3iXh3ISLxGhJKNdxC4FGNKxOs7YzOhki74y2j7Mys":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":110,"crawl_stats":37,"alternatives":118,"analysis":205,"fingerprints":433},"stock-ticker","Stock Ticker","3.26.2","Aleksandar Urošević","https:\u002F\u002Fprofiles.wordpress.org\u002Furkekg\u002F","\u003Cp>A simple and easy configurable plugin for WordPress that allows you to insert a stock ticker with stock price information to posts, pages, widgets, or even to template files. Insertion is enabled by a shortcode or multi-instance widget.\u003C\u002Fp>\n\u003Cp>Stock data is fetched by the API from \u003Ca href=\"https:\u002F\u002Fwww.alphavantage.co\u002F\" rel=\"nofollow ugc\">Alpha Vantage\u003C\u002Fa>. You’ll need an AlphaVantage.co API Key.\u003C\u002Fp>\n\u003Cp>Stock Ticker is an advanced variation of the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstock-quote\u002F\" rel=\"ugc\">Stock Quote\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Multisite WordPress is not supported yet.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>IMPORTANT:\u003C\u002Fstrong> Stock Ticker does not have its Gutenberg Block. 
You can use Shortcode Block or Common Block to insert the Stock Ticker within the post\u002Fpage content.\u003C\u002Fp>\n\u003Ch3>Disclaimer\u003C\u002Fh3>\n\u003Cp>All stock data used in \u003Cstrong>Stock Ticker\u003C\u002Fstrong> is provided by \u003Cstrong>Alpha Vantage\u003C\u002Fstrong>, displayed for informational and educational purposes only and should not be considered as investment advice.\u003C\u002Fp>\n\u003Cp>As of the end of 2023, AlphaVantage limited the Free API tier to 5 requests per minute and 25 requests per day.\u003C\u002Fp>\n\u003Cp>Before presenting stock data on your website publicly, ensure that you comply with the Alpha Vantage \u003Ca href=\"https:\u002F\u002Fwww.alphavantage.co\u002Fterms_of_service\u002F\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> and have a valid commercial license!\u003C\u002Fp>\n\u003Cp>The author of the \u003Cstrong>Stock Ticker\u003C\u002Fstrong> plugin does not accept liability or responsibility for your use of the plugin, including but not limited to trading and investment results. 
Additionally, the author of the \u003Cstrong>Stock Ticker\u003C\u002Fstrong> plugin can not guarantee that stock prices are always accurate, as they are provided by a third-party service for free.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Set a global set of symbols you’ll use site-wide.\u003C\u002Fli>\n\u003Cli>Configure the default set of stock symbols that will be displayed in the ticker inserted by the empty shortcode.\u003C\u002Fli>\n\u003Cli>Configure the default presence of the company as Company Name or as a Stock Symbol.\u003C\u002Fli>\n\u003Cli>Configure colours for unchanged quote, negative and positive changes with the colour picker.\u003C\u002Fli>\n\u003Cli>Disable scrolling ticker and make it static.\u003C\u002Fli>\n\u003Cli>Define custom names for companies to be used instead of the symbols.\u003C\u002Fli>\n\u003Cli>Define custom elements as a part of the visible value.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can set a custom template for a visible change value. Default format is \u003Ccode>%company% %price% %change% %changep%\u003C\u002Fcode>. 
As macro keywords, you can use:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>%exch_symbol%\u003C\u002Fcode> – Symbol with exchange, like \u003Cem>NASDAQ:AAPL\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Ccode>%symbol%\u003C\u002Fcode> – Company symbol, like \u003Cem>AAPL\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Ccode>%company%\u003C\u002Fcode> – Company name after filtered by custom names, like \u003Cem>Apple Inc.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Ccode>%price%\u003C\u002Fcode> – Price value, like \u003Cem>125.22\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Ccode>%change%\u003C\u002Fcode> – Change value, like \u003Cem>-5.53\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Ccode>%changep%\u003C\u002Fcode> – Change percentage, like \u003Cem>-4.23%\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Ccode>%ltrade%\u003C\u002Fcode> – Last trade day (like \u003Cem>2020-09-25\u003C\u002Fem>), which can be followed by \u003Ca href=\"https:\u002F\u002Fwww.php.net\u002Fmanual\u002Fen\u002Fdatetime.format.php\" rel=\"nofollow ugc\">the PHP date format\u003C\u002Fa> to customise date output, separate by pipe character, eg \u003Cem>|l, jS \\of F Y\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For help, use \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fstock-ticker\u002F\" rel=\"ugc\">the official WordPress support forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>How To Use\u003C\u002Fh3>\n\u003Cp>You can add a Stock Ticker to posts, pages or widgets by shortcode or widget (\u003Cstrong>Appearance\u003C\u002Fstrong> -> \u003Cstrong>Widgets\u003C\u002Fstrong>).\u003C\u002Fp>\n\u003Ch4>Shortcode\u003C\u002Fh4>\n\u003Cp>Use the simple shortcode \u003Ccode>[stock_ticker]\u003C\u002Fcode> without any parameters in a post or page to display the ticker with default settings. 
You can tweak a single shortcode with parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>symbols\u003C\u002Fcode> – string with a single or comma-separated array of stock symbols\u003C\u002Fli>\n\u003Cli>\u003Ccode>show\u003C\u002Fcode> – a string that defines how the company will be represented on the ticker; can be the \u003Ccode>name\u003C\u002Fcode> for Company Name, or a \u003Ccode>symbol\u003C\u002Fcode> for Stock Symbol\u003C\u002Fli>\n\u003Cli>\u003Ccode>number_format\u003C\u002Fcode> – override default number format for values (default from this settings page used if no custom set by shortcode). Valid options are: \u003Ccode>cd\u003C\u002Fcode> for \u003Cem>0.000,00\u003C\u002Fem>; \u003Ccode>dc\u003C\u002Fcode> for \u003Cem>0,000.00\u003C\u002Fem>; \u003Ccode>sd\u003C\u002Fcode> for \u003Cem>0 000.00\u003C\u002Fem> and \u003Ccode>sc\u003C\u002Fcode> for \u003Cem>0 000,00\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Ccode>decimals\u003C\u002Fcode> – override default number of decimal places for values (default from this settings page used if no custom set by shortcode). 
Valid values are: \u003Ccode>1\u003C\u002Fcode>, \u003Ccode>2\u003C\u002Fcode>, \u003Ccode>3\u003C\u002Fcode> and \u003Ccode>4\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>static\u003C\u002Fcode> – (boolean) to enable static unordered list instead of scrolling ticker, set to \u003Ccode>1\u003C\u002Fcode> or \u003Ccode>true\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>prefill\u003C\u002Fcode> – (boolean) to start with pre-filled instead of an empty ticker set to \u003Ccode>1\u003C\u002Fcode> or \u003Ccode>true\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>duplicate\u003C\u002Fcode> – (boolean) if there are fewer items than visible on the ticker, set this to \u003Ccode>1\u003C\u002Fcode> or \u003Ccode>true\u003C\u002Fcode> to make it continuous\u003C\u002Fli>\n\u003Cli>\u003Ccode>speed\u003C\u002Fcode> – (integer) tune speed of StockTicker block rendered by shortcode\u003C\u002Fli>\n\u003Cli>\u003Ccode>class\u003C\u002Fcode> – (optional) customise block look and feel, set custom CSS class\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Examples\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Scrolling ticker\u003Cbr \u002F>\n[stock_ticker symbols=\"BABA,EURGBP,LLOY.LON\" show=\"symbol\"]\u003C\u002Fli>\n\u003Cli>Static unordered list\u003Cbr \u002F>\n[stock_ticker symbols=\"BABA,EURGBP,LLOY.LON\" show=\"symbol\" static=\"1\"]\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported Stock Exchange Markets\u003C\u002Fh3>\n\u003Cp>Alpha Vantage provides stock data for the following stock exchange markets:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>BOM\u003C\u002Fstrong> – Bombay Stock Exchange\u003C\u002Fli>\n\u003Cli>\u003Cstrong>TSE\u003C\u002Fstrong> – Canadian\u002FToronto Securities Exchange\u003C\u002Fli>\n\u003Cli>\u003Cstrong>FRA\u003C\u002Fstrong> – Deutsche Börse Frankfurt Stock Exchange\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ETR\u003C\u002Fstrong> – Deutsche Börse Frankfurt Stock Exchange\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AMS\u003C\u002Fstrong> – Euronext 
Amsterdam\u003C\u002Fli>\n\u003Cli>\u003Cstrong>EBR\u003C\u002Fstrong> – Euronext Brussels\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ELI\u003C\u002Fstrong> – Euronext Lisbon\u003C\u002Fli>\n\u003Cli>\u003Cstrong>EPA\u003C\u002Fstrong> – Euronext Paris\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LON\u003C\u002Fstrong> – London Stock Exchange\u003C\u002Fli>\n\u003Cli>\u003Cstrong>NASDAQ\u003C\u002Fstrong> – NASDAQ Exchange\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CPH\u003C\u002Fstrong> – NASDAQ OMX Copenhagen\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HEL\u003C\u002Fstrong> – NASDAQ OMX Helsinki\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ICE\u003C\u002Fstrong> – NASDAQ OMX Iceland\u003C\u002Fli>\n\u003Cli>\u003Cstrong>NYSE\u003C\u002Fstrong> – New York Stock Exchange\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SHA\u003C\u002Fstrong> – Shanghai Stock Exchange\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SHE\u003C\u002Fstrong> – Shenzhen Stock Exchange\u003C\u002Fli>\n\u003Cli>\u003Cstrong>TPE\u003C\u002Fstrong> – Taiwan Stock Exchange\u003C\u002Fli>\n\u003Cli>\u003Cstrong>TYO\u003C\u002Fstrong> – Tokyo Stock Exchange\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Not supported:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>MCX\u003C\u002Fstrong> – Moscow Exchange (since December 2018) – eg. 
\u003Ccode>MCX:GAZP\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ASX\u003C\u002Fstrong> – Australian Securities Exchange (\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fmoinzaman\u002Fstatus\u002F1262522914227712000\" rel=\"nofollow ugc\">since May 2020\u003C\u002Fa>) – eg, \u003Ccode>ASX:MSB\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SGX\u003C\u002Fstrong> – Singapore Exchange (\u003Ca href=\"https:\u002F\u002Fkpo-and-czm.blogspot.com\u002F2017\u002F11\u002Fbye-yahoo-finance-hi-alpha-vantage.html?showComment=1596075191464#c3946519402226422619\" rel=\"nofollow ugc\">since July 13th 2020\u003C\u002Fa>) – eg, \u003Ccode>C29.SI\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>NSE\u003C\u002Fstrong> – National Stock Exchange of India (\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fsachinmankapure\u002Fstatus\u002F1279794312210010114\" rel=\"nofollow ugc\">since July 2020\u003C\u002Fa>) – eg, \u003Ccode>NSE:VB\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>STO\u003C\u002Fstrong> – NASDAQ OMX Stockholm (since October 2021) – eg, \u003Ccode>STO:ATCO-A\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BIT\u003C\u002Fstrong> – Borsa Italiana Milan Stock Exchange (\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fbit-not-working\u002F\" rel=\"ugc\">since December 2023\u003C\u002Fa>) – eg, \u003Ccode>BIT:OLI\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Hall of Fame\u003C\u002Fh3>\n\u003Cp>Kudos to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fvulnerability\u002Fstock-ticker\" rel=\"nofollow ugc\">Patchstack\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fwordpress-plugins\u002Fstock-ticker\" rel=\"nofollow ugc\">Wordfence\u003C\u002Fa> researchers for early reporting of vulnerabilities.\u003C\u002Fli>\n\u003Cli>fellow alpha testers \u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fusers\u002Fflexer\u002F\" rel=\"ugc\">@flexer\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fusers\u002Fkhunmax\u002F\" rel=\"ugc\">@khunmax\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fusers\u002Fk2_1971\u002F\" rel=\"ugc\">@k2_1971\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fusers\u002Fvijaleshk\u002F\" rel=\"ugc\">@vijaleshk\u003C\u002Fa>, for release v3.0.0.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fusers\u002Feigood\u002F\" rel=\"ugc\">@eigood\u003C\u002Fa>, who pointed me to AlphaVantage.co as an alternative to Google Finance.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Frbrodrecht\u002F\" rel=\"nofollow ugc\">@rbrodrecht\u003C\u002Fa> for helping with Alpha Vantage entitlement implementation.\u003C\u002Fli>\n\u003C\u002Ful>\n","Easy add customizable moving or static ticker tapes with stock information for custom stock symbols.",2000,136019,88,21,"2026-03-04T09:09:00.000Z","6.9.4","5.2","7.3",[20,21,4,22,23],"forex","stock","ticker","trading","https:\u002F\u002Furosevic.net\u002Fwordpress\u002Fplugins\u002Fstock-ticker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstock-ticker.3.26.2.zip",95,6,0,"2026-03-06 11:30:56","2026-03-15T15:16:48.613Z",[32,47,60,72,85,96],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2026-2722","stock-ticker-authenticated-administrator-stored-cross-site-scripting-via-template","Stock Ticker \u003C= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template","The Stock Ticker plugin for WordPress is vulnerable to Stored 
Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=3.26.1","medium",4.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-03-07 01:21:24",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe97ed28c-b4a2-47ee-8fbe-7c995fa102cb?source=api-prod",1,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":37,"affected_versions":52,"patched_in_version":53,"severity":39,"cvss_score":54,"cvss_vector":55,"vuln_type":42,"published_date":56,"updated_date":57,"references":58,"days_to_patch":46},"CVE-2024-6363","stock-ticker-authenticated-contributor-stored-cross-site-scripting-via-stockticker-shortcode","Stock Ticker \u003C= 3.24.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock_ticker Shortcode","The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=3.24.4","3.24.6",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-06-28 18:15:28","2024-06-29 07:05:37",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F280a5d6d-192a-43aa-927e-45c50b126463?source=api-prod",{"id":61,"url_slug":62,"title":63,"description":64,"plugin_slug":4,"theme_slug":37,"affected_versions":65,"patched_in_version":66,"severity":39,"cvss_score":54,"cvss_vector":55,"vuln_type":42,"published_date":67,"updated_date":68,"references":69,"days_to_patch":71},"CVE-2023-51541","stock-ticker-authenticated-contributor-stored-cross-site-scritping","Stock Ticker \u003C= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scritping","The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.23.4 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=3.23.4","3.23.5","2023-12-27 00:00:00","2024-01-22 19:56:02",[70],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb8e921f4-d889-490f-a817-53d132a56f83?source=api-prod",27,{"id":73,"url_slug":74,"title":75,"description":76,"plugin_slug":4,"theme_slug":37,"affected_versions":77,"patched_in_version":78,"severity":39,"cvss_score":79,"cvss_vector":80,"vuln_type":42,"published_date":81,"updated_date":68,"references":82,"days_to_patch":84},"CVE-2023-40208","stock-ticker-reflected-cross-site-scripting-in-ajaxstocktickerload","Stock Ticker \u003C= 3.23.3 - Reflected Cross-Site Scripting in ajax_stockticker_load","The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajax_stockticker_load function in versions up to, and including, 3.23.3 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=3.23.3","3.23.4",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2023-08-11 00:00:00",[83],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F06eaf73f-273c-4733-9ff9-2d8034221814?source=api-prod",165,{"id":86,"url_slug":87,"title":88,"description":89,"plugin_slug":4,"theme_slug":37,"affected_versions":90,"patched_in_version":91,"severity":39,"cvss_score":79,"cvss_vector":80,"vuln_type":42,"published_date":92,"updated_date":68,"references":93,"days_to_patch":95},"CVE-2022-45365","stock-ticker-reflected-cross-site-scripting-in-ajaxstocktickersymbolsearchtest","Stock Ticker \u003C= 3.23.2 - Reflected Cross-Site Scripting in ajax_stockticker_symbol_search_test","The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajax_stockticker_symbol_search_test function in versions up to, and including, 3.23.2 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=3.23.2","3.23.3","2023-08-10 00:00:00",[94],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3f8321a7-863c-43ab-a42a-e01d60101c3b?source=api-prod",166,{"id":97,"url_slug":98,"title":99,"description":100,"plugin_slug":4,"theme_slug":37,"affected_versions":101,"patched_in_version":102,"severity":39,"cvss_score":103,"cvss_vector":104,"vuln_type":105,"published_date":106,"updated_date":68,"references":107,"days_to_patch":109},"CVE-2023-27626","stock-ticker-missing-authorization-via-ajax-actions","Stock Ticker \u003C= 3.23.0 - Missing Authorization via AJAX actions","The Stock Ticker plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on several AJAX actions in versions up to, and including, 3.23.0. This makes it possible for unauthenticated attackers  to change plugin settings.","\u003C=3.23.0","3.23.1",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2023-03-13 
00:00:00",[108],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe81c4d77-5459-4f56-b339-8da0877a6663?source=api-prod",316,{"slug":111,"display_name":7,"profile_url":8,"plugin_count":112,"total_installs":113,"avg_security_score":114,"avg_patch_time_days":115,"trust_score":116,"computed_at":117},"urkekg",8,108100,91,180,73,"2026-04-04T14:42:46.080Z",[119,140,157,175,187],{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":129,"num_ratings":130,"last_updated":131,"tested_up_to":16,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":137,"download_link":138,"security_score":139,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"stock-market-ticker","Stock Market Ticker","1.9.27","Stockdio","https:\u002F\u002Fprofiles.wordpress.org\u002Fstockdio\u002F","\u003Cp>Stockdio’s Stock Market Ticker contains a plugin and a widget that allow to display a ticker of stock market prices, market indices, currencies and commodities with their variations. Over 65 different stock exchanges and a large number of market indices, currencies and commodities are supported.\u003C\u002Fp>\n\u003Cp>If you’re using the standard Gutenberg editor, the easiest way to include this plugin on your page is using the Stock Market Ticker block, which is included in the Stockdio Financial Visualizations category.\u003C\u002Fp>\n\u003Cp>If you’re using a different editor or prefer to use the shortcode, below is a sample to help you start. Please be aware that most of the parameters listed below are optional, and are also available through the plugin’s settings page. 
Any parameter you include in the shortcode will overwrite the parameter used in the settings page.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[stock-market-ticker symbols=\"AAPL;MSFT;GOOG;HPQ;^SPX;^DJI;LSE:BAG\" stockExchange=\"USA\" width=\"100%\" palette=\"financial-light\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This plugin is part of the Stockdio Financial Widgets, which also includes the following plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstockdio-historical-chart\u002F\" rel=\"ugc\">Stockdio Historical Chart\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstock-quotes-list\u002F\" rel=\"ugc\">Stock Quotes List\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstock-market-overview\u002F\" rel=\"ugc\">Stock Market Overview\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstock-market-news\u002F\" rel=\"ugc\">Stock Market News\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The following parameters are supported in the shortcode and also available through the plugin’s settings page:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>stockExchange\u003C\u002Fstrong>: The exchange market the symbols belong to (optional). If not specified, NYSE\u002FNASDAQ will be used by default. For a list of available exchanges please visit www.stockdio.com\u002Fexchanges.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>symbols\u003C\u002Fstrong>: A list of companies stock symbols, market index tickers, currency pairs or commodities ticker, separated by semi-colon (;) (e.g. \u003Cstrong>AAPL;MSFT;GOOG;HPQ;^SPX;^DJI;LSE:BAG\u003C\u002Fstrong>). 
Please review the FAQ section for additional details on how to include indices, currencies and commodities, as well as how to specify custom names, combine data from different exchanges, etc.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>scroll\u003C\u002Fstrong>: Allows to set the ticker’s scrolling behavior (optional).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Auto: ticker automatically scrolls (default).\u003C\u002Fli>\n\u003Cli>No: static ticker.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>speed\u003C\u002Fstrong>: Allows to change the ticker’s scrolling speed. Supported values are: slowest, slower, slow, normal, fast and faster. (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>layoutType\u003C\u002Fstrong>: A number specifying the layout type used to display the ticker. Please visit \u003Ca href=\"https:\u002F\u002Fwww.stockdio.com\u002Fticker_layouts\" rel=\"nofollow ugc\">www.stockdio.com\u002Fticker_layouts\u003C\u002Fa> to review the many ticker layout options available (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>width\u003C\u002Fstrong>: Width of the list in either px or % (optional, default: 100%).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>height\u003C\u002Fstrong>: Height of ticker in px (optional, default: none). Normally, the ticker height is set automatically by the plugin, so in most cases this will not be necessary. However, certain plugins cause conflict and do not allow to set the height automatically; in those cases, you should set the ticker height manually.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>culture\u003C\u002Fstrong>: Allows to specify a combination of language and country settings, used to display texts and to format numbers and dates, e.g. Spanish-Spain (optional). 
For a list of available culture combinations please visit http:\u002F\u002Fwww.stockdio.com\u002Fcultures.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>motif\u003C\u002Fstrong>: Design used to display the visualization with specific aesthetics, including borders and styles, among other elements (optional). For a list of available motifs please visit www.stockdio.com\u002Fmotifs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>palette\u003C\u002Fstrong>: Includes a set of consistent colors used for the visualization (optional). For a list of available palettes please visit www.stockdio.com\u002Fpalettes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>font\u003C\u002Fstrong>: Allows to specify the font that will be used to render the chart. Multiple fonts may be specified separated by comma, e.g. Lato,Helvetica,Arial (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>transparentBackground\u003C\u002Fstrong>: Allows to display the ticker with a transparent background, which is particularly useful when using image or gradient backgrounds on your page. By default, the ticker’s background color is inherited from the palette. Setting this to true overrides any background color. (optional)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>backgroundColor\u003C\u002Fstrong>: Allows to specify a color for the ticker’s background. Color must be specified in RGB Hex format, without the # sign, e.g. use 000000 for black. By default, the ticker’s background color is inherited from the palette. (optional)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>labelsColor\u003C\u002Fstrong>: Allows to specify a color for the ticker’s labels, such as the symbol and company name. Color must be specified in RGB Hex format, without the # sign, e.g. use 0000FF for blue. By default, the labels color is inherited from the palette. Prices and percent of change are usually displayed using positive and negative colors, rather than the labels color. 
(optional)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>positiveColor\u003C\u002Fstrong>: Allows to specify a color to be used as “Positive” color, i.e. when close price is greater than previous close price. Color must be specified in Hex format, without the # sign, e.g. use 00FF00 for green. By default, the positive color is inherited from the palette. (optional)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>negativeColor\u003C\u002Fstrong>: Allows to specify a color to be used as “Negative” color, i.e. when close price is smaller than previous close price. Color must be specified in Hex format, without the # sign, e.g. use FF0000 for red. By default, the negative color is inherited from the palette. (optional)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>loadDataWhenVisible\u003C\u002Fstrong>: Allows to fetch the data and display the visualization only when it becomes visible on the page, in order to avoid using calls (requests) when they are not needed. This is particularly useful when the visualization is not visible on the page by default, but it becomes visible as result of a user interaction (e.g. clicking on an element, etc.). It is also useful when using the same visualization multiple times on a page for different devices (e.g. using one instance of the plugin for mobile and another one for desktop). 
We recommend not using this by default but only on scenarios as those described above, as it may provide the end user with a small delay to display the visualization (optional).\u003C\u002Fp>\n","Easy to use and versatile stock market ticker, with support of over 65 world exchanges, indices, commodities and currencies.",3000,111376,74,15,"2026-01-08T17:02:00.000Z","3.1","",[135,120,4,136,22],"financial-ticker","stocks","http:\u002F\u002Fwww.stockdio.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstock-market-ticker.zip",100,{"slug":141,"name":142,"version":143,"author":141,"author_profile":144,"description":145,"short_description":146,"active_installs":147,"downloaded":148,"rating":139,"num_ratings":46,"last_updated":149,"tested_up_to":16,"requires_at_least":150,"requires_php":133,"tags":151,"homepage":133,"download_link":156,"security_score":139,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"forexrateapi","ForexRateAPI","1.1.7","https:\u002F\u002Fprofiles.wordpress.org\u002Fforexrateapi\u002F","\u003Cp>Display live or historical foreign exchange (forex) rates in over 150+ currencies\u003C\u002Fp>\n\u003Cp>Use shortcode [forexrateapi] to display foreign exchange rates on your wp website.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fforexrateapi.com\u002F\" rel=\"nofollow ugc\">Official Website\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Shortcode Customization:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>{{symbol}}\u003C\u002Fli>\n\u003Cli>{{base}}\u003C\u002Fli>\n\u003Cli>{{price_round}}\u003C\u002Fli>\n\u003Cli>{{date}}\u003C\u002Fli>\n\u003Cli>{{date_format}}\u003C\u002Fli>\n\u003Cli>{{date_timezone}}\u003C\u002Fli>\n\u003Cli>{{unit}}\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Display 
Customization:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>{{base}}\u003C\u002Fli>\n\u003Cli>{{timestamp}}\u003C\u002Fli>\n\u003Cli>{{price}}\u003C\u002Fli>\n\u003Cli>{{symbol}}\u003C\u002Fli>\n\u003Cli>{{date}}\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Detailed instructions included upon plugin installation.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to ForexRateAPI endpoint to obtain real-time foreign exchange rates. It is needed to show the foreign exchange rates in the included widget.\u003C\u002Fp>\n\u003Cp>This service is provided by “ForexRateAPI”:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fforexrateapi.com\u002Fterms\" rel=\"nofollow ugc\">Terms of use\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fforexrateapi.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy policy\u003C\u002Fa>\u003C\u002Fp>\n","Display live or historical foreign exchange (forex) rates in over 150+ currencies",10,1654,"2026-02-17T00:07:00.000Z","5.0",[152,153,154,155,22],"currency","foreign-exchange-rates","forex-rates","stockdio","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforexrateapi.1.1.7.zip",{"slug":158,"name":159,"version":160,"author":161,"author_profile":162,"description":163,"short_description":164,"active_installs":28,"downloaded":165,"rating":28,"num_ratings":28,"last_updated":166,"tested_up_to":167,"requires_at_least":168,"requires_php":169,"tags":170,"homepage":133,"download_link":173,"security_score":174,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"financial-ratio","Financial Ratio","1.1.0","strassenschild","https:\u002F\u002Fprofiles.wordpress.org\u002Fstrassenschild\u002F","\u003Cp>This plugin enables a block in the \u003Ccode>embed\u003C\u002Fcode> category to display a financial ratio of a target company. 
There are a\u003Cbr \u002F>\nnumber of ratios to choose from, for example \u003Cem>price\u002Fearnings\u003C\u002Fem>, \u003Cem>price\u002Fbook\u003C\u002Fem> or \u003Cem>market capitalization\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>The block will invoke an API from \u003Ca href=\"https:\u002F\u002Fxelonic.com\" rel=\"nofollow ugc\">xelonic.com\u003C\u002Fa> to retrieve its data.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>There’s no account required to use this data!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can find more information on\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fxelonic.com\u002Fproducts\u002Fwordpress-plugin\" rel=\"nofollow ugc\">the product page\u003C\u002Fa>.\u003C\u002Fp>\n","Provides a block for WordPress that displays a financial ratio of a company.",2188,"2023-11-15T12:14:00.000Z","6.4.8","6.1","7.0",[171,172,21,22,23],"finance","market","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffinancial-ratio.1.1.0.zip",85,{"slug":176,"name":177,"version":178,"author":123,"author_profile":124,"description":179,"short_description":180,"active_installs":11,"downloaded":181,"rating":139,"num_ratings":182,"last_updated":131,"tested_up_to":16,"requires_at_least":132,"requires_php":133,"tags":183,"homepage":137,"download_link":186,"security_score":139,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"stock-market-overview","Stock Market Overview","1.6.20","\u003Cp>Stockdio’s Stock Market Overview contains a plugin and a widget that provide the means to display a categorized list of equities, market indices, currencies and commodities with their prices and variations. Over 65 different stock exchanges and a large number of market indices, currencies and commodities are supported. 
Optionally, an interactive price chart can be included with the list.\u003C\u002Fp>\n\u003Cp>If you’re using the standard Gutenberg editor, the easiest way to include this plugin on your page is using the Stock Market Overview block, which is included in the Stockdio Financial Visualizations category.\u003C\u002Fp>\n\u003Cp>If you’re using a different editor or prefer to use the shortcode, below is a sample to help you start. Please be aware that most of the parameters listed below are optional, and are also available through the plugin’s settings page. Any parameter you include in the shortcode will overwrite the parameter used in the settings page.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[stock-market-overview stockExchange=\"USA\" width=\"100%\" palette=\"financial-light\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This plugin is part of the Stockdio Financial Widgets, which also includes the following plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstockdio-historical-chart\u002F\" rel=\"ugc\">Stockdio Historical Chart\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstock-quotes-list\u002F\" rel=\"ugc\">Stock Quotes List\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstock-market-news\u002F\" rel=\"ugc\">Stock Market News\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstock-market-ticker\u002F\" rel=\"ugc\">Stock Market Ticker\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feconomic-market-news\u002F\" rel=\"ugc\">Economic & Market News\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The following parameters are supported in the shortcode and also available through the plugin’s settings page:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>stockExchange\u003C\u002Fstrong>: The 
exchange market the symbols belong to (optional). If not specified, NYSE\u002FNASDAQ will be used by default. For a list of available exchanges please visit www.stockdio.com\u002Fexchanges.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeEquities\u003C\u002Fstrong>: If enabled (true), the Equities category will be included in the list (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>equities\u003C\u002Fstrong>: A list of one or more valid stock symbols from the given exchange, separated by a semicolon (;), e.g. AAPL;MSFT;GOOG;LSE:VOD. To include a symbol from a different exchange, this must be specified as a prefix and separated from the symbol with a colon (:), for example LSE:VOD. If not specified, a default list of equities for the given exchange will be used (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeIndices\u003C\u002Fstrong>: If enabled (true), the Indices category will be included in the list (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>indices\u003C\u002Fstrong>: A list of one or more valid index symbols, separated by a semicolon (;), e.g. SPX;DJI;IXIC. For a list of valid indices, visit http:\u002F\u002Fwww.stockdio.com\u002Findices. If not specified, a default list of indices related to the given exchange will be used (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeCommodities\u003C\u002Fstrong>: If enabled (true), the Commodities category will be included in the list (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>commodities\u003C\u002Fstrong>: One or more valid commodities, separated by a semicolon (;), e.g. GC;SI;NG. For a list of valid commodities, visit http:\u002F\u002Fwww.stockdio.com\u002Fcommodities. 
If not specified, a default list of commodities will be used (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeCurrencies\u003C\u002Fstrong>: If enabled (true), the Currencies category will be included in the list (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>currencies\u003C\u002Fstrong>: One or more valid currency pairs, in the format currency-base\u002Fcurrency-target, separated by a semicolon (;), e.g. EUR\u002FUSD;GBP\u002FUSD;USD\u002FCAD. For a list of valid currencies, visit http:\u002F\u002Fwww.stockdio.com\u002Fcurrencies. If not specified, a default list of currency pairs for the given exchange will be used (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>width\u003C\u002Fstrong>: Width of the list in either px or % (default: 100%).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>height\u003C\u002Fstrong>: Height of the list in pixels. If not specified, the list height will be calculated automatically.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>title\u003C\u002Fstrong>: Allows to specify a title for the list, e.g. Market Overview (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>intraday\u003C\u002Fstrong>: If enabled (true), auto refresh intraday delayed data will be used if available for the exchange. For a list of exchanges with intraday data available, please visit http:\u002F\u002Fwww.stockdio.com\u002Fexchanges.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeChart\u003C\u002Fstrong>: Allows to include an interactive chart along with the list (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>chartHeight\u003C\u002Fstrong>: Height of the chart in pixels (default: 200px).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeLogo\u003C\u002Fstrong>: Allows to include\u002Fexclude a column with the stock logo or index country flag, if available. Use includeLogo=false to hide the logo (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>logoMaxHeight\u003C\u002Fstrong>: Specify the maximum height allowed for the logo. 
The height may be smaller than the maximum, depending on the logo width, as it maintains the logo’s aspect ratio (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>logoMaxWidth\u003C\u002Fstrong>: Specify the maximum width allowed for the logo. The width may be smaller than the maximum, depending on the logo height, as it maintains the logo’s aspect ratio (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeEquitiesSymbol\u003C\u002Fstrong>: Allows to include\u002Fexclude a column with the stock symbol in the Equities category. Use includeEquitiesSymbol=false to hide the symbol (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeEquitiesName\u003C\u002Fstrong>: Allows to include\u002Fexclude a column with the stock name in the Equities category. Use includeEquitiesName=true to show the name (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeIndicesSymbol\u003C\u002Fstrong>: Allows to include\u002Fexclude a column with the index symbol in the Indices category. Use includeIndicesSymbol=true to show the symbol (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeIndicesName\u003C\u002Fstrong>: Allows to include\u002Fexclude a column with the index name in the Indices category. Use includeIndicesName=false to hide the name (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeCommoditiesSymbol\u003C\u002Fstrong>: Allows to include\u002Fexclude a column with the commodity symbol in the Commodities category. Use includeCommoditiesSymbol=true to show the symbol (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeCommoditiesName\u003C\u002Fstrong>: Allows to include\u002Fexclude a column with the commodity name in the Commodities category. Use includeCommoditiesName=false to hide the name (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeCurrenciesSymbol\u003C\u002Fstrong>: Allows to include\u002Fexclude a column with the currency pair symbol in the Currencies category. 
Use includeCurrenciesSymbol=false to hide the symbol (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeCurrenciesName\u003C\u002Fstrong>: Allows to include\u002Fexclude a column with the currency pair name in the Currencies category. Use includeCurrenciesName=true to show the name (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includePrice\u003C\u002Fstrong>: Allows to include\u002Fexclude a column with the latest stock price. Use includePrice=false to hide the stock price (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeChange\u003C\u002Fstrong>: Allows to include\u002Fexclude a column with the stock price change. Use includeChange=false to hide the price change (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includePercentChange\u003C\u002Fstrong>: Allows to include\u002Fexclude a column with the stock price percentual change. Use includePercentChange=false to hide the price percent change (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeTrend\u003C\u002Fstrong>: Allows to include\u002Fexclude a column with the stock price trend icon (up\u002Fdown\u002Fneutral). Use includeTrend=false to hide the trend icon (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>includeVolume\u003C\u002Fstrong>: Allows to include\u002Fexclude a column with the latest volume. By default, volume is not visible. Use includeVolume=true to show it (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>showHeader\u003C\u002Fstrong>: Allows to display the list header. 
Use showHeader=false to hide it (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>showCurrency\u003C\u002Fstrong>: Allows to display the currency symbol next to the price, depending on the culture settings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>allowSort\u003C\u002Fstrong>: If enabled (true), it allows the end user to sort the data by any of the fields, by clicking on the header, if this is visible.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>culture\u003C\u002Fstrong>: Allows to specify a combination of language and country settings, used to display texts and to format numbers and dates, e.g. Spanish-Spain (optional). For a list of available culture combinations please visit http:\u002F\u002Fwww.stockdio.com\u002Fcultures.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>motif\u003C\u002Fstrong>: Design used to display the visualization with specific aesthetics, including borders and styles, among other elements (optional). For a list of available motifs please visit www.stockdio.com\u002Fmotifs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>palette\u003C\u002Fstrong>: Includes a set of consistent colors used for the visualization (optional). For a list of available palettes please visit www.stockdio.com\u002Fpalettes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>font\u003C\u002Fstrong>: Allows to specify the font that will be used to render the chart. Multiple fonts may be specified separated by comma, e.g. Lato,Helvetica,Arial (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>displayPrices\u003C\u002Fstrong>: Allows to specify how to display the prices on the chart (if enabled), using one of the following options (default: Line):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Line\u003C\u002Fli>\n\u003Cli>Candlestick\u003C\u002Fli>\n\u003Cli>Area\u003C\u002Fli>\n\u003Cli>OHLC\u003C\u002Fli>\n\u003Cli>HLC\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>allowPeriodChange\u003C\u002Fstrong>: If enabled (true), it provides a UI to allow the end user to select the period for the data to be displayed in the chart. 
This UI is enabled by default.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>days\u003C\u002Fstrong>: Allows to specify the number of days for the period to display in the chart (if enabled). If not specified, its default value is 365 days.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>loadDataWhenVisible\u003C\u002Fstrong>: Allows to fetch the data and display the visualization only when it becomes visible on the page, in order to avoid using calls (requests) when they are not needed. This is particularly useful when the visualization is not visible on the page by default, but it becomes visible as result of a user interaction (e.g. clicking on an element, etc.). It is also useful when using the same visualization multiple times on a page for different devices (e.g. using one instance of the plugin for mobile and another one for desktop). We recommend not using this by default but only on scenarios as those described above, as it may provide the end user with a small delay to display the visualization (optional).\u003C\u002Fp>\n","At-a-glance display of stock market, with categories for Equities, Indices, Commodities and Currencies. Supports over 65 world exchanges.",65639,2,[171,184,185,136,22],"quote","quotes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstock-market-overview.zip",{"slug":188,"name":189,"version":190,"author":123,"author_profile":124,"description":191,"short_description":192,"active_installs":193,"downloaded":194,"rating":195,"num_ratings":196,"last_updated":197,"tested_up_to":16,"requires_at_least":132,"requires_php":133,"tags":198,"homepage":201,"download_link":202,"security_score":203,"vuln_count":182,"unpatched_count":28,"last_vuln_date":204,"fetched_at":30},"stockdio-historical-chart","Stockdio Historical Chart","2.8.23","\u003Cp>Stockdio Historical Chart contains a plugin and a widget that provide the means to display a live chart with intraday and historical prices and information for stock, index, currencies or commodities. 
Over 65 different stock exchanges and a large number of market indices, currencies and commodities are supported.\u003C\u002Fp>\n\u003Cp>If you’re using the standard Gutenberg editor, the easiest way to include this plugin on your page is using the Historical Chart block, which is included in the Stockdio Financial Visualizations category.\u003C\u002Fp>\n\u003Cp>If you’re using a different editor or prefer to use the shortcode, below is a sample to help you start. Please be aware that most of the parameters listed below are optional, and are also available through the plugin’s settings page. Any parameter you include in the shortcode will overwrite the parameter used in the settings page.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[stockdio-historical-chart symbol=\"AAPL\" stockExchange=\"USA\" width=\"580\" height=\"380\" motif=\"financial\" palette=\"financial-light\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This plugin is part of the Stockdio Financial Widgets, which also includes the following plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstock-quotes-list\u002F\" rel=\"ugc\">Stock Quotes List\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstock-market-overview\u002F\" rel=\"ugc\">Stock Market Overview\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstock-market-news\u002F\" rel=\"ugc\">Stock Market News\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstock-market-ticker\u002F\" rel=\"ugc\">Stock Market Ticker\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feconomic-market-news\u002F\" rel=\"ugc\">Economic & Market News\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The following parameters are supported in the shortcode and also available through the plugin’s settings 
page:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>stockExchange\u003C\u002Fstrong>: The exchange market the symbol is a member of (optional). If not specified, USA Equities will be used by default. For a list of available exchanges please visit www.stockdio.com\u002Fexchanges.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>symbol\u003C\u002Fstrong>: The company’s stock symbol (ex. \u003Cstrong>AAPL\u003C\u002Fstrong>), market index ticker (ex. \u003Cstrong>^SPX\u003C\u002Fstrong>), currency pair (ex. \u003Cstrong>EUR\u002FUSD\u003C\u002Fstrong>) or commodity ticker (ex. \u003Cstrong>GC\u003C\u002Fstrong>). For a list of available market indices please visit www.stockdio.com\u002Findices. For available currencies please visit www.stockdio.com\u002Fcurrencies and for available commodities, please go to www.stockdio.com\u002Fcommodities.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>compare\u003C\u002Fstrong>: Specify a list of valid stock symbols or market indices against which to compare the base symbol, separated by semicolon (ex. \u003Cstrong>MSFT;GOOG;^SPX;^IXIC\u003C\u002Fstrong>). Not case sensitive (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>height\u003C\u002Fstrong>: Height of the chart in either px or % (default: 320px).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>width\u003C\u002Fstrong>: Width of the chart in either px or % (default: 100%).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>displayPrices\u003C\u002Fstrong>: Allows to specify how to display the prices on the chart, using one of the following options (default: Line):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Line\u003C\u002Fli>\n\u003Cli>Candlestick\u003C\u002Fli>\n\u003Cli>Area\u003C\u002Fli>\n\u003Cli>OHLC\u003C\u002Fli>\n\u003Cli>HLC\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>includeVolume\u003C\u002Fstrong>: Allows to display or hide the volume on the chart. By default, volume is visible. 
Use includeVolume=false to hide it (optional).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>performance\u003C\u002Fstrong>: If enabled (true), price performance (percent change) will be displayed, instead of actual price.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>culture\u003C\u002Fstrong>: Allows to specify a combination of language and country settings, used to display texts and to format numbers and dates (e.g. Spanish-Spain). For a list of available culture combinations please visit http:\u002F\u002Fwww.stockdio.com\u002Fcultures.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>intraday\u003C\u002Fstrong>: If enabled (true), intraday delayed data will be used if available for the exchange and number of days is between 1 and 5. For a list of exchanges with intraday data available, please visit www.stockdio.com\u002Fexchanges.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>days\u003C\u002Fstrong>: Allows to specify the number of days for the period to display. Used only if the start and\u002For the end date are not specified. If not specified, its default value is 365 days. If intraday data is available for the stock exchange and the exchange is currently open, the default number of days is 1.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>allowPeriodChange\u003C\u002Fstrong>: If enabled (true), it provides a UI to allow the end user to select the period for the data to be displayed. This UI is only available if the from and to parameters have not been specified. This UI is enabled by default.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>from\u003C\u002Fstrong>: From date. If not specified, the “from” date will be the “to” date minus the number of days specified in the \u003Cstrong>days\u003C\u002Fstrong> parameter.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>to\u003C\u002Fstrong>: To date. If not specified, the “to” date will be today’s date.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>motif\u003C\u002Fstrong>: Design used to display the visualization with specific aesthetics, including borders and styles, among other elements. 
(optional). For a list of available motifs please visit www.stockdio.com\u002Fmotifs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>palette\u003C\u002Fstrong>: Includes a set of consistent colors used for the visualization. (optional). For a list of available palettes please visit www.stockdio.com\u002Fpalettes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>font\u003C\u002Fstrong>: Allows to specify the font that will be used to render the chart. Multiple fonts may be specified separated by comma, e.g. Lato,Helvetica,Arial.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>loadDataWhenVisible\u003C\u002Fstrong>: Allows to fetch the data and display the visualization only when it becomes visible on the page, in order to avoid using calls (requests) when they are not needed. This is particularly useful when the visualization is not visible on the page by default, but it becomes visible as result of a user interaction (e.g. clicking on an element, etc.). It is also useful when using the same visualization multiple times on a page for different devices (e.g. using one instance of the plugin for mobile and another one for desktop). 
We recommend not using this by default but only on scenarios as those described above, as it may provide the end user with a small delay to display the visualization (optional).\u003C\u002Fp>\n","WordPress plugin and widget for displaying stock market live charts and technical indicators.",900,44988,78,7,"2026-02-20T21:10:00.000Z",[199,171,200,136,22],"chart","graph","http:\u002F\u002Fwww.stockdio.com\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstockdio-historical-chart.zip",99,"2025-01-30 00:41:37",{"attackSurface":206,"codeSignals":279,"taintFlows":370,"riskAssessment":419,"analyzedAt":432},{"hooks":207,"ajaxHandlers":250,"restRoutes":272,"shortcodes":273,"cronEvents":278,"entryPointCount":196,"unprotectedCount":28},[208,214,218,223,227,231,234,237,241,246],{"type":209,"name":210,"callback":211,"file":212,"line":213},"action","admin_init","register_settings","classes\\class-wpau-stock-ticker-settings.php",43,{"type":209,"name":215,"callback":216,"file":212,"line":217},"admin_menu","add_menu",44,{"type":209,"name":219,"callback":220,"file":221,"line":222},"widgets_init","wpau_stock_ticker_widget_init","classes\\class-wpau-stock-ticker-widget.php",264,{"type":209,"name":224,"callback":225,"file":226,"line":195},"admin_notices","multisite_notice","classes\\class-wpau-stock-ticker.php",{"type":209,"name":228,"callback":229,"file":226,"line":230},"plugins_loaded","maybe_update",83,{"type":209,"name":232,"callback":210,"file":226,"line":233},"init",103,{"type":209,"name":224,"callback":235,"file":226,"line":236},"admin_notice",105,{"type":209,"name":238,"callback":239,"file":226,"line":240},"wp_enqueue_scripts","enqueue_scripts",108,{"type":242,"name":243,"callback":244,"priority":147,"file":226,"line":245},"filter","plugin_row_meta","add_plugin_meta_links",250,{"type":209,"name":247,"callback":248,"file":226,"line":249},"admin_enqueue_scripts","admin_scripts",253,[251,257,259,263,265,268],{"action":252,"nopriv":253,"callback":254,"hasNon
ce":255,"hasCapCheck":253,"file":226,"line":256},"stockticker_load",false,"ajax_stockticker_load",true,89,{"action":252,"nopriv":255,"callback":254,"hasNonce":255,"hasCapCheck":253,"file":226,"line":258},90,{"action":260,"nopriv":253,"callback":261,"hasNonce":255,"hasCapCheck":253,"file":226,"line":262},"stockticker_update_quotes","ajax_stockticker_update_quotes",92,{"action":260,"nopriv":255,"callback":261,"hasNonce":255,"hasCapCheck":253,"file":226,"line":264},93,{"action":266,"nopriv":253,"callback":267,"hasNonce":255,"hasCapCheck":255,"file":226,"line":26},"stockticker_symbol_search_test","ajax_stockticker_symbol_search_test",{"action":269,"nopriv":253,"callback":270,"hasNonce":255,"hasCapCheck":255,"file":226,"line":271},"stockticker_purge_cache","ajax_restart_av_fetching",98,[],[274],{"tag":275,"callback":276,"file":226,"line":277},"stock_ticker","shortcode",115,[],{"dangerousFunctions":280,"sqlUsage":281,"outputEscaping":297,"fileOperations":282,"externalRequests":182,"nonceChecks":282,"capabilityChecks":368,"bundledLibraries":369},[],{"prepared":282,"raw":283,"locations":284},4,5,[285,288,290,292,294],{"file":286,"line":262,"context":287},"update.php","$wpdb->query() with variable interpolation",{"file":286,"line":289,"context":287},129,{"file":286,"line":291,"context":287},138,{"file":286,"line":293,"context":287},139,{"file":286,"line":295,"context":296},169,"$wpdb->get_var() with variable interpolation",{"escaped":298,"rawEcho":299,"locations":300},59,39,[301,304,306,308,309,311,313,315,316,318,320,321,323,324,325,327,329,330,332,334,335,337,339,340,342,344,345,347,349,350,352,354,355,357,359,360,362,364,366],{"file":221,"line":302,"context":303},48,"raw 
output",{"file":221,"line":305,"context":303},79,{"file":221,"line":307,"context":303},82,{"file":221,"line":174,"context":303},{"file":221,"line":310,"context":303},87,{"file":221,"line":312,"context":303},170,{"file":221,"line":314,"context":303},171,{"file":221,"line":314,"context":303},{"file":221,"line":317,"context":303},174,{"file":221,"line":319,"context":303},175,{"file":221,"line":319,"context":303},{"file":221,"line":322,"context":303},179,{"file":221,"line":115,"context":303},{"file":221,"line":115,"context":303},{"file":221,"line":326,"context":303},187,{"file":221,"line":328,"context":303},188,{"file":221,"line":328,"context":303},{"file":221,"line":331,"context":303},197,{"file":221,"line":333,"context":303},198,{"file":221,"line":333,"context":303},{"file":221,"line":336,"context":303},207,{"file":221,"line":338,"context":303},208,{"file":221,"line":338,"context":303},{"file":221,"line":341,"context":303},212,{"file":221,"line":343,"context":303},213,{"file":221,"line":343,"context":303},{"file":221,"line":346,"context":303},217,{"file":221,"line":348,"context":303},218,{"file":221,"line":348,"context":303},{"file":221,"line":351,"context":303},222,{"file":221,"line":353,"context":303},223,{"file":221,"line":353,"context":303},{"file":221,"line":356,"context":303},228,{"file":221,"line":358,"context":303},229,{"file":221,"line":358,"context":303},{"file":226,"line":361,"context":303},425,{"file":226,"line":363,"context":303},467,{"file":226,"line":365,"context":303},504,{"file":226,"line":367,"context":303},526,3,[],[371,393],{"entryPoint":372,"graph":373,"unsanitizedCount":46,"severity":39},"ajax_stockticker_symbol_search_test (classes\\class-wpau-stock-ticker.php:514)",{"nodes":374,"edges":390},[375,380,384],{"id":376,"type":377,"label":378,"file":226,"line":379},"n0","source","$_POST",524,{"id":381,"type":382,"label":383,"file":226,"line":379},"n1","transform","→ 
av_query_endpoint()",{"id":385,"type":386,"label":387,"file":226,"line":388,"wp_function":389},"n2","sink","wp_remote_get() [SSRF]",619,"wp_remote_get",[391,392],{"from":376,"to":381,"sanitized":253},{"from":381,"to":385,"sanitized":253},{"entryPoint":394,"graph":395,"unsanitizedCount":46,"severity":39},"\u003Cclass-wpau-stock-ticker> (classes\\class-wpau-stock-ticker.php:0)",{"nodes":396,"edges":414},[397,400,401,403,408,410,412],{"id":376,"type":377,"label":398,"file":226,"line":399},"$_POST (x2)",523,{"id":381,"type":386,"label":387,"file":226,"line":388,"wp_function":389},{"id":385,"type":377,"label":378,"file":226,"line":402},441,{"id":404,"type":386,"label":405,"file":226,"line":406,"wp_function":407},"n3","get_results() [SQLi]",1016,"get_results",{"id":409,"type":377,"label":378,"file":226,"line":379},"n4",{"id":411,"type":382,"label":383,"file":226,"line":379},"n5",{"id":413,"type":386,"label":387,"file":226,"line":388,"wp_function":389},"n6",[415,416,417,418],{"from":376,"to":381,"sanitized":255},{"from":385,"to":404,"sanitized":255},{"from":409,"to":411,"sanitized":253},{"from":411,"to":413,"sanitized":253},{"summary":420,"deductions":421},"The 'stock-ticker' v3.26.2 plugin presents a mixed security picture.  On one hand, the static analysis shows a good effort in implementing security best practices, with all identified entry points (AJAX handlers, REST API routes, and shortcodes) appearing to have authentication and authorization checks.  There are no reported dangerous functions or critical\u002Fhigh severity taint flows, which is positive.  However, there are significant areas for concern. The plugin exhibits a moderate number of SQL queries, with nearly half not using prepared statements, creating a potential risk for SQL injection.  Furthermore, a substantial portion of output is not properly escaped, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities.  
The vulnerability history is particularly concerning, with six past medium-severity CVEs, predominantly involving XSS and authorization issues. The fact that the last vulnerability was as recent as March 2026 suggests a recurring pattern of security weaknesses in the plugin's development. While the current version has no unpatched CVEs, the historical trend and code signals about unescaped output and unsanitized paths warrant caution.",[422,425,428,430],{"reason":423,"points":424},"SQL queries not using prepared statements",20,{"reason":426,"points":427},"Output escaping is not properly implemented",18,{"reason":429,"points":147},"Flows with unsanitized paths found",{"reason":431,"points":424},"History of 6 medium severity CVEs","2026-03-16T18:35:31.270Z",{"wat":434,"direct":443},{"assetPaths":435,"generatorPatterns":438,"scriptPaths":439,"versionParams":440},[436,437],"\u002Fwp-content\u002Fplugins\u002Fstock-ticker\u002Fcss\u002Fstock-ticker.css","\u002Fwp-content\u002Fplugins\u002Fstock-ticker\u002Fjs\u002Fstock-ticker.js",[],[437],[441,442],"stock-ticker\u002Fcss\u002Fstock-ticker.css?ver=","stock-ticker\u002Fjs\u002Fstock-ticker.js?ver=",{"cssClasses":444,"htmlComments":446,"htmlAttributes":449,"restEndpoints":452,"jsGlobals":453,"shortcodeOutput":455},[445],"wpau-stock-ticker-widget",[447,448],"\u003C!-- Initialize stock ticker -->","\u003C!-- Initialize stock ticker widget -->",[450,451],"data-stockticker-id","data-stockticker-options",[],[454],"wpau_stock_ticker_ajax_obj",[456],"[stock_ticker"]