The plugin was affected by a Reflected Cross-Site Scripting issue via the postMessage() event.
Use the following code on another website
jondow.eu/cve-2020-28707-xss-in-stockdio-historical-chart-plugin-for-wordpress-before-version-281/