[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKcmCNFuqjLQNpIhoO3-wKmE7hMG362-TuM-4VsVcRKU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":49,"analysis":129,"fingerprints":317},"aviation-weather-from-noaa","Aviation Weather from NOAA","0.7.2","machouinard","https:\u002F\u002Fprofiles.wordpress.org\u002Fmachouinard\u002F","\u003Cul>\n\u003Cli>Display METAR & TAF info from NOAA’s Aviation Digital Data Service\u003C\u002Fli>\n\u003Cli>Display up to 6 hours before now\u003C\u002Fli>\n\u003Cli>PIREPs up to 200sm\u003C\u002Fli>\n\u003Cli>Create multiple instances using either widget or shortcode\u003C\u002Fli>\n\u003Cli>WP-CLI Integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Gutenberg Block\u003C\u002Fh4>\n\u003Cp>A new \u003Ccode>AWFN Block\u003C\u002Fcode> can be found in the Widgets section.\u003C\u002Fp>\n\u003Ch4>Shortcode Usage: ( shown with defaults )\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[adds_weather apts='KSMF' hours=2 show_metar=1 show_taf=1 show_pireps=1 show_station_info=1 radial_dist=100 title='']\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Data is cached for 30 minutes using the WordPress Transients API.\u003C\u002Fp>\n\u003Ch4>Included Filter Hooks:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>adds_kses: Array of permitted HTML tags.\u003C\u002Fli>\n\u003Cli>adds_custom_css: URL of a user-supplied stylesheet.  Supplying a stylesheet in theme’s directory ( ‘css\u002Faviation_weather_from_noaa.css’ ) will also override stylesheet.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Styling\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Copy \u003Ccode>css\u002Faviation_weather_from_noaa.css\u003C\u002Fcode> from plugin directory into theme directory, keeping that file structure.\u003C\u002Fli>\n\u003Cli>Make desired changes.\u003C\u002Fli>\n\u003Cli>Plugin will load this stylesheet instead of its own.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Code and support available at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmachouinard\u002Faviation-weather-from-noaa\" title=\"GitHub Repo\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n","Aviation weather data from NOAA's Aviation Digital Data Service (ADDS)",100,7110,4,"2022-10-31T16:06:00.000Z","6.1.10","3.8","",[19,20,21,22,23],"aviation","metar","noaa","pireps","weather","https:\u002F\u002Fgithub.com\u002Fmachouinard\u002Faviation-weather-from-noaa","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faviation-weather-from-noaa.0.7.2.zip",61,1,"2025-06-30 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-28980","aviation-weather-from-noaa-authenticated-subscriber-arbitrary-file-deletion","Aviation Weather from NOAA \u003C= 0.7.2 - Authenticated (Subscriber+) Arbitrary File Deletion","The Aviation Weather from NOAA plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 0.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).",null,"\u003C=0.7.2","high",8.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:H","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2025-07-08 17:33:19",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff757cea8-9133-410a-92d7-960490b018e9?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":46,"trust_score":47,"computed_at":48},30,67,"2026-04-04T23:33:40.007Z",[50,73,89,104,118],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":46,"downloaded":58,"rating":59,"num_ratings":60,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":17,"tags":64,"homepage":69,"download_link":70,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":36,"fetched_at":29},"aviation-weather-briefing","Aviation Weather Briefing","1.0","xf117a","https:\u002F\u002Fprofiles.wordpress.org\u002Fxf117a\u002F","\u003Cp>Aviation Weather Briefing plugin allows the user to display and generate the basic Aviation Weather briefings.  This includes the latest METAR’s, TAF’s,\u003Cbr \u002F>\nSignificant Weather and Upper Winds and Temperature.  On submission of user inputs the plugin will fetch the data from NOAA servers and display them to the user.\u003C\u002Fp>\n\u003Cp>The WordPress site administrator can simply display modules for METAR and TAF, Significant Weather and Upper Winds and Temperature via the below shortcodes.\u003C\u002Fp>\n","Display the most important Aviation Weather information such as METAR,TAF,Significant Weather and Upper Winds and Temperature.",2230,90,2,"2015-01-31T10:54:00.000Z","4.1.42","3.0.1",[65,20,66,67,68],"aviation-weather","significant-weather","taf","upper-winds-and-temperature","http:\u002F\u002Fhowtoflyahelicopter.com\u002Faviation-weather-briefing\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faviation-weather-briefing.1.0.zip",85,0,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":59,"num_ratings":60,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":17,"tags":86,"homepage":17,"download_link":88,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":36,"fetched_at":29},"wp-taf-metar-widget","taf-metar-widget","1.0.4","wptechnology","https:\u002F\u002Fprofiles.wordpress.org\u002Fwptechnology\u002F","\u003Cp>WP TAF METAR Widget is a plugin that allows you to show the TAF or METAR (aviation weather) information from any airport directly to your WordPress WebSite, by just giving the ICAO code of the wanted airport. You can of course place more than one widget on your page, with different settings \u002F airports. The information come directly from AviationWeather.gov databases.\u003C\u002Fp>\n","This Widget allows you to show the TAF or METAR (aviation weather) information for any airport directly to your WordPress WebSite.",20,1876,"2016-11-02T13:57:00.000Z","4.6.30","3.4",[19,20,67,23,87],"widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-taf-metar-widget.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":72,"num_ratings":72,"last_updated":99,"tested_up_to":100,"requires_at_least":85,"requires_php":17,"tags":101,"homepage":102,"download_link":103,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":36,"fetched_at":29},"aviationweather-widget","AviationWeather Plugin","1.1","alessiobravi","https:\u002F\u002Fprofiles.wordpress.org\u002Falessiobravi\u002F","\u003Cp>aviationweather-widget will display in the site the RAW METAR and TAF weather bulletin for the ICAO station selected in the widget administration panel.\u003Cbr \u002F>\nThe METAR and TAF data used is provided by AviationWeather.org\u003C\u002Fp>\n","A simple widget to display current METAR and TAF for the chosen ICAO Station.",10,2962,"2012-12-14T14:10:00.000Z","3.5.2",[19,65,20,67,87],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Faviationweather-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faviationweather-widget.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":97,"downloaded":112,"rating":72,"num_ratings":72,"last_updated":113,"tested_up_to":114,"requires_at_least":85,"requires_php":17,"tags":115,"homepage":116,"download_link":117,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":36,"fetched_at":29},"metar-widget","METAR plugin","0.1","mcantsin","https:\u002F\u002Fprofiles.wordpress.org\u002Fmcantsin\u002F","\u003Cp>METAR-widget lets you enter an ICAO station (airport) in the widget admin and will display the according METAR code as widget on your wordpress site.\u003Cbr \u002F>\nThe METAR data used is provided by NOAA.\u003C\u002Fp>\n","A simple widget to display the current METAR code (Pilot weather code) for a chosen ICAO station.",2568,"2012-10-26T00:27:00.000Z","3.4.2",[20,21,23,87],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmetar-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmetar-widget.zip",{"slug":119,"name":120,"version":107,"author":108,"author_profile":109,"description":121,"short_description":122,"active_installs":97,"downloaded":123,"rating":72,"num_ratings":72,"last_updated":124,"tested_up_to":125,"requires_at_least":85,"requires_php":17,"tags":126,"homepage":127,"download_link":128,"security_score":71,"vuln_count":72,"unpatched_count":72,"last_vuln_date":36,"fetched_at":29},"taf-widget","TAF plugin","\u003Cp>TAF-widget lets you enter an ICAO station (airport) in the widget admin and will display the according TAF code as widget on your wordpress site.\u003Cbr \u002F>\nThe TAF data used is provided by NOAA.\u003C\u002Fp>\n","A simple widget to display the current TAF (Terminal aerodrome forecast) code for a chosen ICAO station.",1358,"2014-09-09T23:12:00.000Z","4.0.38",[20,21,67,23,87],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftaf-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftaf-widget.zip",{"attackSurface":130,"codeSignals":209,"taintFlows":256,"riskAssessment":302,"analyzedAt":316},{"hooks":131,"ajaxHandlers":181,"restRoutes":200,"shortcodes":201,"cronEvents":206,"entryPointCount":207,"unprotectedCount":208},[132,138,142,147,151,155,159,163,167,170,173,177],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","admin_menu","awfn_logs_add_plugin_page","admin\\class-awfn-logs.php",12,{"type":133,"name":139,"callback":140,"file":136,"line":141},"admin_init","awfn_logs_page_init",13,{"type":133,"name":143,"callback":144,"file":145,"line":146},"init","widget_textdomain","aviation-weather-from-noaa.php",106,{"type":133,"name":148,"callback":149,"file":145,"line":150},"sidebar_admin_setup","awfn_sidebar_admin_setup",109,{"type":133,"name":152,"callback":153,"priority":97,"file":145,"line":154},"in_plugin_update_message-aviation-weather-from-noaa\u002Faviation-weather-from-noaa.php","show_upgrade_notice",117,{"type":133,"name":156,"callback":157,"file":145,"line":158},"admin_print_styles","register_admin_styles",134,{"type":133,"name":160,"callback":161,"file":145,"line":162},"admin_enqueue_scripts","register_admin_scripts",135,{"type":133,"name":164,"callback":165,"file":145,"line":166},"wp_enqueue_scripts","register_widget_styles",138,{"type":133,"name":164,"callback":168,"file":145,"line":169},"register_widget_scripts",139,{"type":133,"name":164,"callback":171,"file":145,"line":172},"register_ajax_scripts",140,{"type":133,"name":174,"callback":175,"file":145,"line":176},"enqueue_block_editor_assets","awfn_block_editor_assets",143,{"type":133,"name":178,"callback":179,"file":145,"line":180},"widgets_init","awfn_register_widget",598,[182,187,190,194,196],{"action":183,"nopriv":184,"callback":185,"hasNonce":184,"hasCapCheck":184,"file":145,"line":186},"weather_shortcode",false,"ajax_weather_shortcode",112,{"action":183,"nopriv":188,"callback":185,"hasNonce":184,"hasCapCheck":184,"file":145,"line":189},true,113,{"action":191,"nopriv":184,"callback":192,"hasNonce":188,"hasCapCheck":184,"file":145,"line":193},"weather_widget","ajax_weather_widget",114,{"action":191,"nopriv":188,"callback":192,"hasNonce":188,"hasCapCheck":184,"file":145,"line":195},115,{"action":197,"nopriv":184,"callback":198,"hasNonce":184,"hasCapCheck":184,"file":145,"line":199},"awfn_clear_log","clear_log",116,[],[202],{"tag":203,"callback":204,"file":145,"line":205},"adds_weather","adds_weather_shortcode",146,[],6,3,{"dangerousFunctions":210,"sqlUsage":211,"outputEscaping":216,"fileOperations":207,"externalRequests":27,"nonceChecks":208,"capabilityChecks":72,"bundledLibraries":255},[],{"prepared":13,"raw":27,"locations":212},[213],{"file":145,"line":214,"context":215},396,"$wpdb->get_col() with variable interpolation",{"escaped":217,"rawEcho":218,"locations":219},84,17,[220,223,224,226,228,230,232,234,236,238,239,241,243,246,248,251,253],{"file":136,"line":221,"context":222},66,"raw output",{"file":136,"line":47,"context":222},{"file":136,"line":225,"context":222},70,{"file":136,"line":227,"context":222},73,{"file":136,"line":229,"context":222},81,{"file":136,"line":231,"context":222},94,{"file":145,"line":233,"context":222},191,{"file":145,"line":235,"context":222},195,{"file":145,"line":237,"context":222},196,{"file":145,"line":237,"context":222},{"file":145,"line":240,"context":222},198,{"file":145,"line":242,"context":222},590,{"file":244,"line":245,"context":222},"classes\\class-awfn.php",149,{"file":244,"line":247,"context":222},150,{"file":249,"line":250,"context":222},"views\\admin.php",19,{"file":249,"line":252,"context":222},29,{"file":254,"line":13,"context":222},"views\\widget.php",[],[257,274,282,294],{"entryPoint":258,"graph":259,"unsanitizedCount":72,"severity":273},"clear_log (admin\\class-awfn-logs.php:144)",{"nodes":260,"edges":271},[261,266],{"id":262,"type":263,"label":264,"file":136,"line":265},"n0","source","$_POST",147,{"id":267,"type":268,"label":269,"file":136,"line":245,"wp_function":270},"n1","sink","fopen() [File Access]","fopen",[272],{"from":262,"to":267,"sanitized":188},"low",{"entryPoint":275,"graph":276,"unsanitizedCount":72,"severity":273},"\u003Cclass-awfn-logs> (admin\\class-awfn-logs.php:0)",{"nodes":277,"edges":280},[278,279],{"id":262,"type":263,"label":264,"file":136,"line":265},{"id":267,"type":268,"label":269,"file":136,"line":245,"wp_function":270},[281],{"from":262,"to":267,"sanitized":188},{"entryPoint":283,"graph":284,"unsanitizedCount":72,"severity":273},"ajax_weather_shortcode (classes\\class-awfn-shortcode.php:58)",{"nodes":285,"edges":292},[286,289],{"id":262,"type":263,"label":287,"file":288,"line":227},"$_POST (x2)","classes\\class-awfn-shortcode.php",{"id":267,"type":268,"label":290,"file":288,"line":186,"wp_function":291},"echo() [XSS]","echo",[293],{"from":262,"to":267,"sanitized":188},{"entryPoint":295,"graph":296,"unsanitizedCount":72,"severity":273},"\u003Cclass-awfn-shortcode> (classes\\class-awfn-shortcode.php:0)",{"nodes":297,"edges":300},[298,299],{"id":262,"type":263,"label":287,"file":288,"line":227},{"id":267,"type":268,"label":290,"file":288,"line":186,"wp_function":291},[301],{"from":262,"to":267,"sanitized":188},{"summary":303,"deductions":304},"The aviation-weather-from-noaa plugin exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query preparation and output escaping, significant concerns arise from its attack surface and vulnerability history.  The presence of three unprotected AJAX handlers presents a notable risk, as these can be exploited by unauthenticated users. The plugin's vulnerability history, specifically a high-severity path traversal vulnerability discovered in the recent past and still unpatched, is a critical red flag. This indicates a potential for attackers to manipulate file paths, leading to unauthorized access to sensitive data or even system compromise. Although taint analysis shows no unsanitized paths in the current version, the recurring nature of path-related vulnerabilities is concerning and suggests potential for reintroduction. The plugin has a moderate attack surface with several entry points, a portion of which lack proper authorization. The strengths lie in its use of prepared statements for SQL and generally good output escaping, which mitigate some common web vulnerabilities. However, the unpatched high-severity vulnerability and the unprotected AJAX endpoints create a clear and present danger.",[305,308,310,312,314],{"reason":306,"points":307},"Unpatched high severity CVE",18,{"reason":309,"points":97},"Unprotected AJAX handlers",{"reason":311,"points":97},"No capability checks",{"reason":313,"points":208},"File operations present",{"reason":315,"points":60},"External HTTP requests present","2026-03-16T20:38:46.372Z",{"wat":318,"direct":328},{"assetPaths":319,"generatorPatterns":323,"scriptPaths":324,"versionParams":325},[320,321,322],"\u002Fwp-content\u002Fplugins\u002Faviation-weather-from-noaa\u002Fcss\u002Floading.gif","\u002Fwp-content\u002Fplugins\u002Faviation-weather-from-noaa\u002Fcss\u002Fwidget.css","\u002Fwp-content\u002Fplugins\u002Faviation-weather-from-noaa\u002Fjs\u002Fwidget.js",[],[322],[326,327],"\u002Fwp-content\u002Fplugins\u002Faviation-weather-from-noaa\u002Fcss\u002Fwidget.css?ver=","\u002Fwp-content\u002Fplugins\u002Faviation-weather-from-noaa\u002Fjs\u002Fwidget.js?ver=",{"cssClasses":329,"htmlComments":331,"htmlAttributes":332,"restEndpoints":334,"jsGlobals":336,"shortcodeOutput":340},[330],"adds-weather-wrapper",[],[333],"data-instance",[335],"\u002Fwp-json\u002Faviation-weather-from-noaa\u002Fv1\u002Fstations",[337,338,339],"AWFN_Shortcode","Adds_Weather_Widget","widget_ajax_object",[341],"[adds_weather"]