stockdio CVE Vulnerabilities & Metrics

Focus on stockdio vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About stockdio Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with stockdio. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total stockdio CVEs: 2
Earliest CVE date: 19 Jan 2021, 22:15 UTC
Latest CVE date: 30 Jan 2025, 14:15 UTC

Latest CVE reference: CVE-2024-13349

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical stockdio CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.15

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 1
4.0-6.9 1
7.0-8.9 0
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS stockdio CVEs

These are the five CVEs with the highest CVSS scores for stockdio, sorted by severity first and recency.

All CVEs for stockdio

CVE-2024-13349 stockdio vulnerability CVSS: 0 30 Jan 2025, 14:15 UTC

The Stockdio Historical Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stockdio-historical-chart' shortcode in all versions up to, and including, 2.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2020-28707 stockdio vulnerability CVSS: 4.3 19 Jan 2021, 22:15 UTC

The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated. The stockdio_eventer function listens for any postMessage event. After a message event is sent to the application, this function sets the "e" variable as the event and checks that the types of the data and data.method are not undefined (empty) before proceeding to eval the data.method received from the postMessage. However, on a different website. JavaScript code can call window.open for the vulnerable WordPress instance and do a postMessage(msg,'*') for that object.