VYPR

Stockdio Historical Chart

by WordPress

CVEs (2)

  • CVE-2024-13349MedJan 30, 2025
    risk 0.42cvss 6.4epss 0.00

    The Stockdio Historical Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stockdio-historical-chart' shortcode in all versions up to, and including, 2.8.18 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2020-28707MedJan 19, 2021
    risk 0.40cvss 6.1epss 0.01

    The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated. The…