Stockdio Historical Chart Security & Risk Analysis

wordpress.org/plugins/stockdio-historical-chart

WordPress plugin and widget for displaying stock market live charts and technical indicators.

900 active installs · v2.8.23 · PHP + WP 3.1+ · Updated Feb 20, 2026
Tags: chart, finance, graph, stocks, ticker
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jan 30, 2025
Safety Verdict

Is Stockdio Historical Chart Safe to Use in 2026?

Generally Safe

Score 99/100

Stockdio Historical Chart has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 30, 2025 · Updated 1mo ago
Risk Assessment

The "stockdio-historical-chart" v2.8.23 plugin exhibits a mixed security posture. While it demonstrates good practices in its handling of SQL queries by exclusively using prepared statements and possesses a relatively small attack surface, concerns arise from the output escaping and the plugin's vulnerability history.

The static analysis reveals a significant percentage of output (35%) is not properly escaped, indicating a potential risk of Cross-Site Scripting (XSS) vulnerabilities. Although no critical or high severity taint flows were detected in the provided analysis, the lack of proper output escaping creates an environment where such vulnerabilities could be introduced or exploited. Furthermore, the absence of nonce checks on the single shortcode, while not directly flagged as a risk in the static analysis, is a deviation from common WordPress security best practices for shortcodes that interact with user-provided data or perform actions.

The plugin's vulnerability history is a significant concern. Having two known medium severity CVEs, both related to Cross-Site Scripting, points to a recurring pattern of input sanitization and output escaping deficiencies within the plugin. The fact that these vulnerabilities were known and a recent one was recorded in early 2025 suggests ongoing issues or a history of incomplete patching. While there are currently no unpatched CVEs, the historical pattern suggests a higher likelihood of future vulnerabilities if coding practices are not improved.

Key Concerns

  • Medium severity XSS vulnerabilities in history
  • 35% of output not properly escaped
  • No nonce checks on shortcode
Vulnerabilities
2

Stockdio Historical Chart Security Vulnerabilities

CVEs by Year

  • 2020: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2024-13349 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stockdio Historical Chart <= 2.8.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 30, 2025 Patched in 2.8.19 (1d)
CVE-2020-28707 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stockdio Historical Chart < 2.8.1 - Reflected Cross-Site Scripting

Oct 19, 2020 Patched in 2.8.1 (1191d)
Code Analysis
Analyzed Mar 16, 2026

Stockdio Historical Chart Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 38 (70 escaped)
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

65% escaped · 108 total outputs
Attack Surface

Stockdio Historical Chart Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[stockdio-historical-chart] stockdioplugin.php:919
WordPress Hooks 14
  • action · enqueue_block_assets · src\init.php:35
  • action · enqueue_block_editor_assets · src\init.php:122
  • filter · block_categories · src\init.php:125
  • action · init · src\init.php:159
  • action · admin_menu · stockdioplugin.php:59
  • action · admin_init · stockdioplugin.php:60
  • action · admin_notices · stockdioplugin.php:61
  • action · admin_enqueue_scripts · stockdioplugin.php:64
  • action · admin_footer · stockdioplugin.php:65
  • action · wp_head · stockdioplugin.php:932
  • filter · mce_buttons · stockdioplugin.php:1336
  • filter · mce_external_plugins · stockdioplugin.php:1343
  • action · widgets_init · stockdio_historical_chart_widget.php:356
  • action · admin_print_styles · stockdio_historical_chart_widget.php:360
Maintenance & Trust

Stockdio Historical Chart Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 20, 2026
PHP min version
Downloads: 45K

Community Trust

Rating: 78/100
Number of ratings: 7
Active installs: 900
Developer Profile

Stockdio Historical Chart Developer Profile

Stockdio

5 plugins · 7K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 596 days
Detection Fingerprints

How We Detect Stockdio Historical Chart

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/stockdio-historical-chart/assets/stockdio-wp.css
  • /wp-content/plugins/stockdio-historical-chart/assets/stockdio-tinymce-button.css
  • /wp-content/plugins/stockdio-historical-chart/assets/Sortable.min.js
  • /wp-content/plugins/stockdio-historical-chart/assets/stockdio_chart_historical-wp.js
  • /wp-content/plugins/stockdio-historical-chart/assets/stockdio_search.css
  • /wp-content/plugins/stockdio-historical-chart/assets/stockdio_search.js
  • /wp-content/plugins/stockdio-historical-chart/assets/stockdio_search_old_version.css
Script Paths
  • /wp-content/plugins/stockdio-historical-chart/assets/Sortable.min.js
  • /wp-content/plugins/stockdio-historical-chart/assets/stockdio_chart_historical-wp.js
  • /wp-content/plugins/stockdio-historical-chart/assets/stockdio_search.js
Version Parameters
  • stockdio-historical-chart/assets/stockdio-wp.css?ver=
  • stockdio-historical-chart/assets/stockdio-tinymce-button.css?ver=
  • stockdio-historical-chart/assets/Sortable.min.js?ver=
  • stockdio-historical-chart/assets/stockdio_chart_historical-wp.js?ver=
  • stockdio-historical-chart/assets/stockdio_search.css?ver=
  • stockdio-historical-chart/assets/stockdio_search.js?ver=
  • stockdio-historical-chart/assets/stockdio_search_old_version.css?ver=

HTML / DOM Fingerprints

CSS Classes
stockdio_historical_chart_form
FAQ

Frequently Asked Questions about Stockdio Historical Chart