ThreatPress

WordPress Vulnerability Database

Back

WordPress Stockdio Historical Chart plugin <= 2.7.2 - Cross-Site Scripting (XSS) vulnerability

Product
Stockdio Historical Chart
Description
Cross-Site Scripting (XSS) vulnerability found by Jondow in WordPress Stockdio Historical Chart plugin (versions <= 2.7.2).
Solution
Update the WordPress Stockdio Historical Chart plugin to the latest available version (at least 2.8.1).
Classification
Type Cross Site Scripting (XSS)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE
Plugin changelog
Vulnerability details
CVE
Name CVE-2020-28707
Versions
Affected In <= 2.7.2
Fixed In 2.8.1
Disclosure date
2021-01-16
Credits
Jondow