CVE-2024-6363
Published
CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
<p>A simple and easy configurable plugin for WordPress that allows you to insert a stock ticker with stock price information to posts, pages, widgets, or even to template files. Insertion is enabled by a shortcode or multi-instance widget.</p>
<p>Stock data is fetched from the <a href="https://www.alphavantage.co/" rel="nofollow ugc">Alpha Vantage</a> API. You’ll need an AlphaVantage.co API key.</p>
<p>Stock Ticker is an advanced variation of the <a href="https://wordpress.org/plugins/stock-quote/" rel="ugc">Stock Quote</a> plugin.</p>
<p><strong>Multisite WordPress is not supported yet.</strong></p>
<p><strong>IMPORTANT:</strong> Stock Ticker does not have its Gutenberg Block. You can use Shortcode Block or Common Block to insert the Stock Ticker within the post/page content.</p>
<h3>Disclaimer</h3>
<p>All stock data used in <strong>Stock Ticker</strong> is provided by <strong>Alpha Vantage</strong>, displayed for informational and educational purposes only and should not be considered as investment advice.</p>
<p>As of the end of 2023, AlphaVantage limited the Free API tier to 5 requests per minute and 25 requests per day.</p>
<p>Before presenting stock data on your website publicly, ensure that you comply with the Alpha Vantage <a href="https://www.alphavantage.co/terms_of_service/" rel="nofollow ugc">Terms of Service</a> and have a valid commercial license!</p>
<p>The author of the <strong>Stock Ticker</strong> plugin does not accept liability or responsibility for your use of the plugin, including but not limited to trading and investment results. Additionally, the author of the <strong>Stock Ticker</strong> plugin cannot guarantee that stock prices are always accurate, as they are provided by a third-party service for free.</p>
<h3>Features</h3>
<ul>
<li>Set a global set of symbols you’ll use site-wide.</li>
<li>Configure the default set of stock symbols that will be displayed in the ticker inserted by the empty shortcode.</li>
<li>Configure the default presence of the company as Company Name or as a Stock Symbol.</li>
<li>Configure colours for unchanged quote, negative and positive changes with the colour picker.</li>
<li>Disable scrolling ticker and make it static.</li>
<li>Define custom names for companies to be used instead of the symbols.</li>
<li>Define custom elements as a part of the visible value.</li>
</ul>
<p>You can set a custom template for a visible change value. Default format is <code>%company% %price% %change% %changep%</code>. As macro keywords, you can use:</p>
<ul>
<li><code>%exch_symbol%</code> – Symbol with exchange, like <em>NASDAQ:AAPL</em></li>
<li><code>%symbol%</code> – Company symbol, like <em>AAPL</em></li>
<li><code>%company%</code> – Company name after filtering by custom names, like <em>Apple Inc.</em></li>
<li><code>%price%</code> – Price value, like <em>125.22</em></li>
<li><code>%change%</code> – Change value, like <em>-5.53</em></li>
<li><code>%changep%</code> – Change percentage, like <em>-4.23%</em></li>
<li><code>%ltrade%</code> – Last trade day (like <em>2020-09-25</em>), which can be followed by <a href="https://www.php.net/manual/en/datetime.format.php" rel="nofollow ugc">a PHP date format</a> to customise the date output, separated by a pipe character, e.g. <em>|l, jS \of F Y</em></li>
</ul>
<p>For help, use <a href="https://wordpress.org/support/plugin/stock-ticker/" rel="ugc">the official WordPress support forum</a>.</p>
<h3>How To Use</h3>
<p>You can add a Stock Ticker to posts, pages or widgets by shortcode or widget (<strong>Appearance</strong> -> <strong>Widgets</strong>).</p>
<h4>Shortcode</h4>
<p>Use the simple shortcode <code>[stock_ticker]</code> without any parameters in a post or page to display the ticker with default settings. You can tweak a single shortcode with parameters:</p>
<ul>
<li><code>symbols</code> – a single stock symbol or a comma-separated list of stock symbols</li>
<li><code>show</code> – a string that defines how the company is represented on the ticker; <code>name</code> for the Company Name or <code>symbol</code> for the Stock Symbol</li>
<li><code>number_format</code> – override the default number format for values (the default from the settings page is used if the shortcode does not set one). Valid options are: <code>cd</code> for <em>0.000,00</em>; <code>dc</code> for <em>0,000.00</em>; <code>sd</code> for <em>0 000.00</em> and <code>sc</code> for <em>0 000,00</em></li>
<li><code>decimals</code> – override the default number of decimal places for values (the default from the settings page is used if the shortcode does not set one). Valid values are: <code>1</code>, <code>2</code>, <code>3</code> and <code>4</code></li>
<li><code>static</code> – (boolean) set to <code>1</code> or <code>true</code> to render a static unordered list instead of a scrolling ticker</li>
<li><code>prefill</code> – (boolean) set to <code>1</code> or <code>true</code> to start with a pre-filled instead of an empty ticker</li>
<li><code>duplicate</code> – (boolean) if there are fewer items than fit on the visible ticker, set this to <code>1</code> or <code>true</code> to make it continuous</li>
<li><code>speed</code> – (integer) tune the scrolling speed of the StockTicker block rendered by the shortcode</li>
<li><code>class</code> – (optional) a custom CSS class to customise the block's look and feel</li>
</ul>
<h4>Examples</h4>
<ul>
<li>Scrolling ticker<br />
<code>[stock_ticker symbols="BABA,EURGBP,LLOY.LON" show="symbol"]</code></li>
<li>Static unordered list<br />
<code>[stock_ticker symbols="BABA,EURGBP,LLOY.LON" show="symbol" static="1"]</code></li>
</ul>
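<p>As an added illustration (not code from the Stock Ticker plugin), the following PHP shows the shape of fix the CVE description calls for: a shortcode handler that allow-lists each of the attributes listed above and escapes every value for the HTML attribute context it lands in. All <code>example_</code> names are hypothetical; the WordPress helpers (<code>shortcode_atts</code>, <code>sanitize_html_class</code>, <code>absint</code>, <code>esc_attr</code>) are real.</p>

```php
<?php
// Added example (not the Stock Ticker plugin's own code): a shortcode handler that
// allow-lists and escapes every user-supplied attribute before it reaches the page.
// Names prefixed "example_" are hypothetical; the WordPress helpers are real.
add_shortcode( 'example_stock_ticker', 'example_stock_ticker_shortcode' );

function example_stock_ticker_shortcode( $atts ) {
    // Unknown attributes are dropped; known ones get a default.
    $atts = shortcode_atts( array(
        'symbols'       => 'AAPL,MSFT',
        'show'          => 'name',
        'number_format' => 'dc',
        'decimals'      => 2,
        'static'        => '0',
        'speed'         => 50,
        'class'         => '',
    ), $atts, 'example_stock_ticker' );

    // Enumerated options: anything outside the allow-list falls back to the default.
    $show     = in_array( $atts['show'], array( 'name', 'symbol' ), true ) ? $atts['show'] : 'name';
    $format   = in_array( $atts['number_format'], array( 'cd', 'dc', 'sd', 'sc' ), true ) ? $atts['number_format'] : 'dc';
    $decimals = in_array( (int) $atts['decimals'], array( 1, 2, 3, 4 ), true ) ? (int) $atts['decimals'] : 2;

    // Booleans and integers are normalised to a fixed type, never echoed as given.
    $static = in_array( strtolower( (string) $atts['static'] ), array( '1', 'true' ), true ) ? 1 : 0;
    $speed  = absint( $atts['speed'] );

    // Symbols: keep only tokens made of the characters a ticker symbol can contain.
    $symbols = array_filter( array_map( function ( $s ) {
        $s = strtoupper( trim( $s ) );
        return preg_match( '/^[A-Z0-9.:\-]{1,20}$/', $s ) ? $s : '';
    }, explode( ',', $atts['symbols'] ) ) );

    // CSS class: sanitize_html_class() strips everything but [A-Za-z0-9_-] from each token.
    $classes = array_filter( array_map( 'sanitize_html_class', preg_split( '/\s+/', $atts['class'] ) ) );
    $class   = trim( 'example-stock-ticker ' . implode( ' ', $classes ) );

    // Output: each value is escaped for the HTML attribute context it lands in.
    return sprintf(
        '<div class="%s" data-symbols="%s" data-show="%s" data-format="%s" data-decimals="%d" data-static="%d" data-speed="%d"></div>',
        esc_attr( $class ),
        esc_attr( implode( ',', $symbols ) ),
        esc_attr( $show ),
        esc_attr( $format ),
        $decimals,
        $static,
        $speed
    );
}
```

<p>Which attributes a contributor can set is unchanged; what changes is that none of them reaches the rendered page unvalidated or unescaped.</p>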
<h3>Supported Stock Exchange Markets</h3>
<p>Alpha Vantage provides stock data for the following stock exchange markets:</p>
<ul>
<li><strong>BOM</strong> – Bombay Stock Exchange</li>
<li><strong>TSE</strong> – Canadian/Toronto Securities Exchange</li>
<li><strong>FRA</strong> – Deutsche Börse Frankfurt Stock Exchange</li>
<li><strong>ETR</strong> – Deutsche Börse Frankfurt Stock Exchange</li>
<li><strong>AMS</strong> – Euronext Amsterdam</li>
<li><strong>EBR</strong> – Euronext Brussels</li>
<li><strong>ELI</strong> – Euronext Lisbon</li>
<li><strong>EPA</strong> – Euronext Paris</li>
<li><strong>LON</strong> – London Stock Exchange</li>
<li><strong>NASDAQ</strong> – NASDAQ Exchange</li>
<li><strong>CPH</strong> – NASDAQ OMX Copenhagen</li>
<li><strong>HEL</strong> – NASDAQ OMX Helsinki</li>
<li><strong>ICE</strong> – NASDAQ OMX Iceland</li>
<li><strong>NYSE</strong> – New York Stock Exchange</li>
<li><strong>SHA</strong> – Shanghai Stock Exchange</li>
<li><strong>SHE</strong> – Shenzhen Stock Exchange</li>
<li><strong>TPE</strong> – Taiwan Stock Exchange</li>
<li><strong>TYO</strong> – Tokyo Stock Exchange</li>
</ul>
<p>Not supported:</p>
<ul>
<li><strong>MCX</strong> – Moscow Exchange (since December 2018) – e.g. <code>MCX:GAZP</code></li>
<li><strong>ASX</strong> – Australian Securities Exchange (<a href="https://twitter.com/moinzaman/status/1262522914227712000" rel="nofollow ugc">since May 2020</a>) – e.g. <code>ASX:MSB</code></li>
<li><strong>SGX</strong> – Singapore Exchange (<a href="https://kpo-and-czm.blogspot.com/2017/11/bye-yahoo-finance-hi-alpha-vantage.html?showComment=1596075191464#c3946519402226422619" rel="nofollow ugc">since July 13th 2020</a>) – e.g. <code>C29.SI</code></li>
<li><strong>NSE</strong> – National Stock Exchange of India (<a href="https://twitter.com/sachinmankapure/status/1279794312210010114" rel="nofollow ugc">since July 2020</a>) – e.g. <code>NSE:VB</code></li>
<li><strong>STO</strong> – NASDAQ OMX Stockholm (since October 2021) – e.g. <code>STO:ATCO-A</code></li>
<li><strong>BIT</strong> – Borsa Italiana Milan Stock Exchange (<a href="https://wordpress.org/support/topic/bit-not-working/" rel="ugc">since December 2023</a>) – e.g. <code>BIT:OLI</code></li>
</ul>
<h3>Hall of Fame</h3>
<p>Kudos to:</p>
<ul>
<li><a href="https://patchstack.com/database/vulnerability/stock-ticker" rel="nofollow ugc">Patchstack</a> and <a href="https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/stock-ticker" rel="nofollow ugc">Wordfence</a> researchers for early reporting of vulnerabilities.</li>
<li>fellow alpha testers <a href="https://wordpress.org/support/users/flexer/" rel="ugc">@flexer</a>, <a href="https://wordpress.org/support/users/khunmax/" rel="ugc">@khunmax</a>, <a href="https://wordpress.org/support/users/k2_1971/" rel="ugc">@k2_1971</a>, and <a href="https://wordpress.org/support/users/vijaleshk/" rel="ugc">@vijaleshk</a>, for release v3.0.0.</li>
<li><a href="https://wordpress.org/support/users/eigood/" rel="ugc">@eigood</a>, who pointed me to AlphaVantage.co as an alternative to Google Finance.</li>
<li><a href="https://profiles.wordpress.org/rbrodrecht/" rel="nofollow ugc">@rbrodrecht</a> for helping with Alpha Vantage entitlement implementation.</li>
</ul>