Does Air Quality Plugin have any unpatched vulnerabilities?

No. All known vulnerabilities in Air Quality Plugin have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Air Quality Plugin compatible with WordPress 4.9.29?

According to WordPress.org data, Air Quality Plugin 0.40 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

Is Air Quality Plugin compatible with PHP 5.5+?

Air Quality Plugin requires PHP 5.5 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Air Quality Plugin updated?

Air Quality Plugin was last updated on Apr 12, 2018. Frequent updates are generally a positive security signal.

What is Air Quality Plugin's security score?

Air Quality Plugin has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Air Quality Plugin Security & Risk Analysis

wordpress.org/plugins/air-quality

This plugin was made mainly to display air quality from closest air pollution detector

30 active installs v0.40 PHP 5.5+ WP 4.7+ Updated Apr 12, 2018

healthmonitorpollutionweatherwidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Air Quality Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

Air Quality Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "air-quality" plugin v0.40 exhibits a mixed security posture. On the positive side, it has a clean vulnerability history with no known CVEs, uses prepared statements for all SQL queries, and implements nonce and capability checks. There are no observed critical or high severity taint flows, nor are there any dangerous functions or file operations in the code.

However, there are notable concerns related to its attack surface and output escaping. Two out of three AJAX handlers lack authentication checks, presenting a significant risk of unauthorized access or execution of plugin functions. Furthermore, a substantial majority of output (79%) is not properly escaped, indicating a high likelihood of cross-site scripting (XSS) vulnerabilities. The presence of an external HTTP request also warrants attention, although its specific impact is unknown without further analysis.

While the lack of historical vulnerabilities and secure SQL practices are strengths, the combination of unprotected AJAX endpoints and widespread unescaped output creates a substantial security risk. The plugin needs significant improvements in input validation and output sanitization to achieve a secure state.

Key Concerns

Unprotected AJAX handlers
Insufficient output escaping

Vulnerabilities

None known

Air Quality Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Air Quality Plugin Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

21% escaped66 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

pk_aqp_options_code (includes\options_menu.php:12)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Air Quality Plugin Attack Surface

Entry Points3

Unprotected2

AJAX Handlers 3

authwp_ajax_pk_aqp_load_settings_fieldsincludes\handle_ajax.php:13

authwp_ajax_pk_aqp_save_user_coordinatesincludes\handle_ajax.php:36

authwp_ajax_pk_aqp_get_widget_htmlincludes\handle_ajax.php:42

WordPress Hooks 3

actionplugins_loadedair-quality-plugin.php:67

actionadmin_menuair-quality-plugin.php:77

actionwidgets_initair-quality-plugin.php:84

Maintenance & Trust

Air Quality Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedApr 12, 2018

PHP min version5.5

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

Air Quality Plugin Alternatives

AirQuality CHMU

airquality-chmu

100

Tento plugin slouží k zobrazení environmentálních dat z Českého hydrometeorologického ústavu.

0 No CVEs

Weather Atlas Widget

weather-atlas

The Weather Widget with the Most Active Installations. Highly customizable, simple & beautiful. Detailed current weather, hourly & daily forecasts

9K 2 CVEs

wp-forecast

wp-forecast is a highly customizable plugin for wordpress, showing weather-data from open-meteo.com and/or openweathermap.com.

5K 2 CVEs

Health Endpoint

health-endpoint

Creates a /health endpoint that returns a 200 OK HTTP status code while WordPress is performing correctly.

3K No CVEs

Remove Site Health From Dashboard

remove-site-heath-from-dashboard

Removes the Site Health from the Dashboard introduced in WP 5.4

1K No CVEs

Developer Profile

Air Quality Plugin Developer Profile

patrol220

1 plugin · 30 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Air Quality Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/air-quality/css/style-widget.css

Version Parameters

air-quality/css/style-widget.css?ver=

HTML / DOM Fingerprints

CSS Classes

pk_aqp_air_quality_widget

Data Attributes

name="longitude"name="latitude"name="weather-info"name="longitude-default"name="latitude-default"name="google-maps-key"+3 more

FAQ