Vulnerabilities and security researches forstock-ticker stock-ticker

Jun 07, 2024

CVE, Research URL: CVE-2022-45365
Home page URL: Security reports for Stock Ticker
Application: Stock Ticker
Date: Dec 14, 2023
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2.
Affected versions: max 3.23.3.
Status: vulnerable

CVE, Research URL: CVE-2023-40208
Home page URL: Security reports for Stock Ticker
Application: Stock Ticker
Date: Sep 04, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aleksandar Urošević Stock Ticker plugin <= 3.23.3 versions.
Affected versions: max 3.23.4.
Status: vulnerable

CVE, Research URL: CVE-2023-51541
Home page URL: Security reports for Stock Ticker
Application: Stock Ticker
Date: Dec 29, 2023
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Stored XSS.This issue affects Stock Ticker: from n/a through 3.23.4.
Affected versions: max 3.23.5.
Status: vulnerable

CVE, Research URL: 5e98de615e948869454563e2180a7a2049de3421
Home page URL: Security reports for Stock Ticker
Application: Stock Ticker
Date: Mar 13, 2023
Research Description: Stock Ticker [stock-ticker] < 3.23.1 WordPress Stock Ticker Plugin <= 3.23.0 is vulnerable to Broken Access Control Update the WordPress Stock Ticker plugin to the latest available version (at least 3.23.1). Mika discovered and reported this Broken Access Control vulnerability in WordPress Stock Ticker Plugin. This vulnerability has been fixed in version 3.23.1.
Affected versions: max 3.23.1.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-27626
Home page URL: Security reports for Stock Ticker
Application: Stock Ticker
Date: Dec 09, 2024
Research Description: Missing Authorization vulnerability in Aleksandar Urošević Stock Ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Ticker: from n/a through 3.23.0.
Affected versions: max 3.23.1.
Status: vulnerable

Jun 30, 2024

CVE, Research URL: CVE-2024-6363
Home page URL: Security reports for Stock Ticker
Application: Stock Ticker
Date: Jun 29, 2024
Research Description: The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 3.24.6.
Status: vulnerable

Apr 14, 2026

CVE, Research URL: CVE-2026-2722
Home page URL: Security reports for Stock Ticker
Application: Stock Ticker
Date: Mar 07, 2026
Research Description: The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 3.26.2.
Status: vulnerable