Weather Forecast Widget Security & Risk Analysis

wordpress.org/plugins/weather-forecast-widget

"Weather Forecast Widget" displays current weather and hourly/daily forecasts in a widget using a shortcode.

200 active installs · v1.1.7 · PHP + · WP 3.0.1+ · Updated Aug 2, 2025
Tags: openweathermap, shortcode, weather, weather-forecast, weather-widget
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Weather Forecast Widget Safe to Use in 2026?

Generally Safe

Score 100/100

Weather Forecast Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8mo ago
Risk Assessment

The "weather-forecast-widget" plugin version 1.1.7 presents a mixed security posture. On the positive side, it demonstrates good practices with SQL queries being 100% prepared and no known historical CVEs. The absence of critical or high severity taint flows further suggests a relatively clean codebase in those areas. However, there are significant concerns regarding its attack surface and output sanitization.

The plugin has a considerable number of entry points, with two AJAX handlers lacking authentication checks. This represents a direct pathway for unauthorized actions or information disclosure if exploited. Furthermore, a significant portion of its output (68%) is not properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities when user-supplied data is rendered on the frontend.

While the plugin has no recorded vulnerabilities, this should not be taken as a guarantee of future security. The presence of unprotected AJAX endpoints and poor output escaping are common precursors to vulnerabilities. The plugin's strengths lie in its SQL handling and lack of historical exploits, but its current implementation has clear weaknesses that need to be addressed to improve its overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Low output escaping percentage
  • No nonce checks on AJAX handlers
Vulnerabilities
None known

Weather Forecast Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Weather Forecast Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 124 (59 escaped)
Nonce Checks: 0
Capability Checks: 6
File Operations: 2
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

32% escaped · 183 total outputs
Attack Surface
2 unprotected

Weather Forecast Widget Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers: 2

auth wp_ajax_wfw_process_ajax public\class-weather-forecast-widget-shortcodes.php:114
nopriv wp_ajax_wfw_process_ajax public\class-weather-forecast-widget-shortcodes.php:115

Shortcodes: 1

[weather_forecast_widget] public\class-weather-forecast-widget-shortcodes.php:112

WordPress Hooks: 13

action plugins_loaded includes\class-weather-forecast-widget.php:153
action admin_enqueue_scripts includes\class-weather-forecast-widget.php:168
action admin_enqueue_scripts includes\class-weather-forecast-widget.php:169
action admin_menu includes\class-weather-forecast-widget.php:171
action admin_init includes\class-weather-forecast-widget.php:172
action init includes\class-weather-forecast-widget.php:174
action admin_enqueue_scripts includes\class-weather-forecast-widget.php:177
action admin_enqueue_scripts includes\class-weather-forecast-widget.php:178
action wp_enqueue_scripts includes\class-weather-forecast-widget.php:193
action wp_enqueue_scripts includes\class-weather-forecast-widget.php:194
action wp_enqueue_scripts includes\class-weather-forecast-widget.php:197
action wp_enqueue_scripts includes\class-weather-forecast-widget.php:198
action init includes\class-weather-forecast-widget.php:199
Maintenance & Trust

Weather Forecast Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 2, 2025
PHP min version
Downloads: 7K

Community Trust

Rating: 80/100
Number of ratings: 3
Active installs: 200
Developer Profile

Weather Forecast Widget Developer Profile

adminbergtourentipptirol

1 plugin · 200 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Weather Forecast Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/weather-forecast-widget/public/css/weather-icons/weather-icons.min.css
/wp-content/plugins/weather-forecast-widget/public/js/weather-forecast-widget-public.js
/wp-content/plugins/weather-forecast-widget/admin/css/weather-forecast-widget-admin.css
/wp-content/plugins/weather-forecast-widget/admin/js/weather-forecast-widget-admin.js
/wp-content/plugins/weather-forecast-widget/admin/js/weather-forecast-widget-media-uploader.js

Version Parameters
weather-forecast-widget/public/js/weather-forecast-widget-public.js?ver=
weather-forecast-widget-admin.css?ver=
weather-forecast-widget-admin.js?ver=
weather-forecast-widget-media-uploader.js?ver=

HTML / DOM Fingerprints

CSS Classes
wfw-widget-container, wfw-forecast-table, wfw-hourly-forecast, wfw-daily-forecast, wfw-current-weather, wfw-location-info, wfw-weather-icon, wfw-temperature, +8 more

Data Attributes
data-city, data-apikey, data-days, data-hourly, data-show-humidity, data-show-wind, +5 more

JS Globals
WEATHER_FORECAST_WIDGET_BASE_URL, wfw_params

Shortcode Output
[weather-forecast-widget]
[weather-forecast-widget city='London' apikey='your_api_key']