GI Weather Security & Risk Analysis

wordpress.org/plugins/gi-weather

GI Weather Plugin is a simple tool that helps you obtain current weather data for any city in the world.

10 active installs · v1.0.0 · PHP + · WP 4.0+ · Updated Unknown
forcasting · location · open-weathr-api · timezone · weather
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is GI Weather Safe to Use in 2026?

Generally Safe

Score 100/100

GI Weather has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'gi-weather' plugin version 1.0.0 exhibits a concerning security posture due to significant gaps in input validation and authorization checks. The plugin shows good practices by avoiding dangerous functions and using prepared statements for any potential SQL queries, but its two AJAX handlers have no authentication checks, which is a substantial attack surface. The taint analysis also reveals two flows with unsanitized paths, indicating that user-supplied data is not properly validated before it is processed. This could lead to unexpected behavior or potential vulnerabilities, even though no critical or high severity issues were directly identified in this specific analysis.

The complete lack of vulnerability history for this plugin is a positive sign, suggesting that it has not historically been a target or that it was developed with a degree of security awareness. However, the current static analysis findings, particularly the unprotected entry points and unsanitized data flows, outweigh the positive aspects and call for caution.

Key Concerns

  • AJAX handlers without authentication checks
  • Unsanitized paths in taint analysis flows
  • Low percentage of properly escaped output
  • No nonce checks on entry points
  • No capability checks on entry points
Vulnerabilities
None known

GI Weather Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

GI Weather Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 18 (2 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

10% escaped · 20 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
giw_register_settings (classes\gi_weather_settings.php:46)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface: 2 unprotected

GI Weather Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

nopriv · wp_ajax_giw_get_weather_for_widget · classes\gi_weather_functions.php:21
auth · wp_ajax_giw_get_weather_for_widget · classes\gi_weather_functions.php:22

Shortcodes 1

[gi_temp] classes\gi_weather_functions.php:24
WordPress Hooks 5
action · bp_before_member_header_meta · classes\gi_weather_functions.php:25
action · plugins_loaded · classes\gi_weather_settings.php:7
action · admin_menu · classes\gi_weather_settings.php:9
action · admin_init · classes\gi_weather_settings.php:10
action · widgets_init · classes\gi_widget.php:52
Maintenance & Trust

GI Weather Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.1.42
Last updated: Unknown
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

GI Weather Developer Profile

GICoder

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect GI Weather

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gi-weather/css/select.css
/wp-content/plugins/gi-weather/js/select.js
Script Paths
/wp-content/plugins/gi-weather/js/select.js
Version Parameters
gi-weather/css/select.css?ver=
gi-weather/js/select.js?ver=

HTML / DOM Fingerprints

CSS Classes
giw-weather-widget
giw-weather-location
giw-weather-temp
giw-weather-description
giw-weather-icon
HTML Comments
<!-- GI Weather BuddyPress integration template -->
Data Attributes
data-weather-city
data-weather-region
data-weather-timezone
data-weather-country-code
data-weather-api-key
JS Globals
giw_ajax_url
giw_weather_data
REST Endpoints
/wp-json/giw/v1/get_weather
Shortcode Output
[gi_temp]