WP-Safety

Extended Weather Security & Risk Analysis

wordpress.org/plugins/extended-weather

Extended Weather is a WordPress plugin that fetches real-time weather from OpenWeatherMap, offering customizable displays.

20 active installs v1.0 PHP + WP 5.0+ Updated Nov 3, 2024
openweathermapweatherwordpress-plugin
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Extended Weather Safe to Use in 2026?

Generally Safe

Score 92/100

Extended Weather has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The 'extended-weather' v1.0 plugin exhibits a generally good security posture based on the provided static analysis. The absence of detected dangerous functions, raw SQL queries, and file operations is a strong indicator of secure coding practices. The high percentage of properly escaped output further strengthens this assessment, minimizing the risk of cross-site scripting (XSS) vulnerabilities. The plugin also demonstrates awareness of WordPress security by including nonce and capability checks. The fact that there is no known vulnerability history is a significant positive sign, suggesting a well-maintained and secure codebase over time.

Despite the positive indicators, there are a few areas that warrant attention. While the total number of entry points is low, the presence of two shortcodes represents potential vectors for exploitation if not carefully handled. The plugin makes one external HTTP request, which, although common, introduces a dependency on an external service's security and availability. The limited number of taint flows analyzed (2) is not statistically significant enough to entirely rule out potential issues, though the absence of unsanitized paths is encouraging. Overall, the plugin appears robust, but continued vigilance with its entry points and external dependencies is recommended.

Key Concerns

  • Shortcodes as entry points
  • External HTTP request present
Vulnerabilities
None known

Extended Weather Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Extended Weather Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
10
291 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

97% escaped301 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
wtdp_settings_page_html (admin.php:125)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Extended Weather Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[wtdp_display_latest_2] latest-2.php:190
[wtdp_display_latest] latest.php:266
WordPress Hooks 8
actionadmin_enqueue_scriptsadmin.php:90
actionadmin_menuadmin.php:104
actionadmin_enqueue_scriptsadmin.php:120
actionplugins_loadedextended-weather.php:42
actionwp_headlatest-2.php:77
actionadmin_enqueue_scriptslatest-2.php:78
actionwp_headlatest.php:159
actionadmin_enqueue_scriptslatest.php:160
Maintenance & Trust

Extended Weather Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedNov 3, 2024
PHP min version
Downloads65K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

Extended Weather Alternatives

wp-forecast

wp-forecast

wp-forecast

A
99

wp-forecast is a highly customizable plugin for wordpress, showing weather-data from open-meteo.com and/or openweathermap.com.

5K 2 CVEs
Weather Forecast Widget

Weather Forecast Widget

weather-forecast-widget

A
100

"Weather Forecast Widget" displays current weather and hourly/daily forecasts in a widget using a shortcode.

200 No CVEs
Animated Weather Widget

Animated Weather Widget

animated-weather-widget

A
92

Enhance your WordPress site with a sleek, modern weather widget powered by the OpenWeatherMap API and animated Meteocons icons.

10 No CVEs
Moody Weather

Moody Weather

moody-weather

A
92

Displays a mood and icon based on the current weather conditions using data from OpenWeatherMap.

10 No CVEs
HD Weather Widget by The Waypoint

HD Weather Widget by The Waypoint

waypoint-hd-weather-widget

A
100

A beautiful HD weather widget with high-resolution 331dpi backgrounds, 5-day forecasts, and modern OpenWeatherMap integration.

10 No CVEs
Developer Profile

Extended Weather Developer Profile

Stanislav Štajer

1 plugin · 20 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Extended Weather

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/extended-weather/includes/admin.css/wp-content/plugins/extended-weather/includes/admin.js/wp-content/plugins/extended-weather/includes/leaflet/leaflet.css/wp-content/plugins/extended-weather/includes/leaflet/leaflet.js/wp-content/plugins/extended-weather/includes/my-ajax.js/wp-content/plugins/extended-weather/includes/wp-color-picker-alpha/dist/wp-color-picker-alpha.min.js
Script Paths
includes/admin.jsincludes/my-ajax.jsincludes/wp-color-picker-alpha/dist/wp-color-picker-alpha.min.jsincludes/leaflet/leaflet.js
Version Parameters
extended-weather/includes/admin.css?ver=extended-weather/includes/admin.js?ver=extended-weather/includes/leaflet/leaflet.css?ver=extended-weather/includes/leaflet/leaflet.js?ver=extended-weather/includes/my-ajax.js?ver=

HTML / DOM Fingerprints

CSS Classes
wtdp-settings-sectionwtdp-weather-adminwtdp-color-picker
HTML Comments
<!-- EXTENDED WEATHER PLUGIN SETTINGS PAGE --><!-- General Settings Section --><!-- Latest Widget Settings Section --><!-- Forecast Widget Settings Section -->+7 more
Data Attributes
data-wtdp-api-keydata-wtdp-latitudedata-wtdp-longitudedata-wtdp-plugin-path
JS Globals
wtdp_PluginData
Shortcode Output
[extended_weather_latest[extended_weather_forecast[extended_weather_historical
FAQ

Frequently Asked Questions about Extended Weather