Does Easy Weather Widget have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Easy Weather Widget compatible with WordPress 4.9.29?

According to WordPress.org data, Easy Weather Widget 3.2.5 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Easy Weather Widget updated?

Easy Weather Widget was last updated on Dec 30, 2017. Frequent updates are generally a positive security signal.

What is Easy Weather Widget's security score?

Easy Weather Widget has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Easy Weather Widget Security & Risk Analysis

wordpress.org/plugins/easy-weather-widget

Easy Weather Widget provides you with an easy to use widget which outputs weather information. When creating the widget just enter in your U.S.

80 active installs v3.2.5 PHP + WP 2.8+ Updated Dec 30, 2017

weatherwidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Easy Weather Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Easy Weather Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The static analysis of easy-weather-widget v3.2.5 indicates a generally positive security posture, with no identified CVEs and a strong adherence to secure SQL practices. The plugin also demonstrates good practices by not exposing numerous direct entry points through AJAX, REST API, or shortcodes, and it does not appear to utilize cron events. However, there are notable concerns. The presence of the `create_function` is a critical red flag due to its historical association with severe vulnerabilities, especially when inputs are not strictly controlled. Furthermore, only 35% of output escaping is properly implemented, leaving a significant portion of dynamic output potentially vulnerable to cross-site scripting (XSS) attacks. The complete absence of nonce checks and capability checks on potential entry points, combined with the lack of taint analysis data, suggests that any vulnerabilities introduced by the insecure `create_function` or unescaped output could be easily exploited without prior authentication or authorization.

Key Concerns

Use of dangerous function: create_function
Low percentage of properly escaped output
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Easy Weather Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Easy Weather Widget Release Timeline

v3.2.5Current

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.0

v3.0.1

v3.0

v2.2

v2.1.0.1

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0

Code Analysis

Analyzed Mar 16, 2026

Easy Weather Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action( 'widgets_init', create_function( '', 'register_widget( "\\EWW\\Widget" );' ) );eww\widget.php:18

Output Escaping

35% escaped20 total outputs

Attack Surface

Easy Weather Widget Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionwp_enqueue_scriptseasy-weather-widget.php:52

actionadmin_noticeseww\notice\notice.php:15

actionadmin_initeww\settings\open-weather-api.php:13

actionwidgets_initeww\widget.php:18

actioninittranslate.php:5

Maintenance & Trust

Easy Weather Widget Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedDec 30, 2017

PHP min version

Downloads23K

Community Trust

Rating86/100

Number of ratings6

Active installs80

Alternatives

Easy Weather Widget Alternatives

Weather Atlas Widget

weather-atlas

The Weather Widget with the Most Active Installations. Highly customizable, simple & beautiful. Detailed current weather, hourly & daily forecasts

9K 2 CVEs

wp-forecast

wp-forecast is a highly customizable plugin for wordpress, showing weather-data from open-meteo.com and/or openweathermap.com.

5K 2 CVEs

Meteo

meteoart

Add an accurate French weather forecast to your site. Choose any city and country, then embed the customizable MeteoArt widget.

900 No CVEs

ICIT Weather Widget

interconnect-it-weather-widget

The ICIT Weather Widget provides a simple way to show a weather forecast on your website.

400 No CVEs

m1.MiniWeather

m1miniweather

This plugin easily displays a weather widget (icon + temperature) with a destination of your choice.

400 No CVEs

Developer Profile

Easy Weather Widget Developer Profile

Mat Gargano

4 plugins · 150 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Easy Weather Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/easy-weather-widget/css/style.min.css

Version Parameters

easy-weather-widget/css/style.min.css?ver=

HTML / DOM Fingerprints

FAQ