Weather Map Security & Risk Analysis

wordpress.org/plugins/weather-map

Display weather data for multiple coordinates using OpenWeatherMap, with caching and shortcode support.

0 active installs · v1.0 · PHP 7.4+ · WP 5.0+ · Updated Aug 2, 2025
Tags: api, map, openweathermap, shortcode, weather
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Weather Map Safe to Use in 2026?

Generally Safe

Score 100/100

Weather Map has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8mo ago
Risk Assessment

The "weather-map" plugin v1.0 has a mixed security posture. On the positive side, it follows good practice on SQL injection and output escaping: all SQL queries use prepared statements and all outputs are properly escaped. The absence of known vulnerabilities in its history also suggests a generally well-maintained or less-targeted plugin. However, one AJAX handler is unprotected, which gives a direct entry point with no authentication or authorization checks. None of the entry points performs a capability check either, so potentially sensitive operations could be reachable by users without the necessary permissions.

Static analysis shows a relatively small attack surface: four identified entry points, one of which is unprotected. The taint analysis shows no critical or high-severity flows, and the absence of dangerous functions and file operations is a strength. Despite these positive indicators, the single unprotected AJAX handler and the complete absence of capability checks are critical oversights that could be exploited. Given the clean vulnerability history, it's possible that the developers have historically been diligent, but this specific version has introduced a new, significant risk.

In conclusion, while "weather-map" v1.0 benefits from secure data handling and a clean vulnerability history, the unprotected AJAX handler is a serious flaw that significantly degrades its security posture. The lack of capability checks across all entry points further amplifies this risk. These issues require immediate attention to mitigate potential security breaches.

Key Concerns

  • Unprotected AJAX handler
  • No capability checks on entry points
Vulnerabilities
None known

Weather Map Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Weather Map Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (7 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

100% escaped (7 total outputs)
Attack Surface
1 unprotected

Weather Map Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers 3

  • auth · wp_ajax_weathermap_get_weather · weather-map.php:154
  • nopriv · wp_ajax_weathermap_get_weather · weather-map.php:155
  • auth · wp_ajax_weathermap_validate_api_key · weather-map.php:157

Shortcodes 1

[weathermap] weather-map.php:133
WordPress Hooks 4
  • action · admin_init · weather-map.php:39
  • action · admin_menu · weather-map.php:78
  • action · wp_enqueue_scripts · weather-map.php:116
  • action · admin_enqueue_scripts · weather-map.php:127
Maintenance & Trust

Weather Map Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 2, 2025
PHP min version: 7.4
Downloads: 248

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Weather Map Developer Profile

Xiangxu

4 plugins · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Weather Map

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/weather-map/assets/lib/leaflet/leaflet.css
  • /wp-content/plugins/weather-map/assets/lib/leaflet/leaflet.js
  • /wp-content/plugins/weather-map/assets/css/weather-map.css
  • /wp-content/plugins/weather-map/assets/js/weather-map.js
  • /wp-content/plugins/weather-map/assets/js/admin-settings.js
Script Paths
  • /wp-content/plugins/weather-map/assets/lib/leaflet/leaflet.js
  • /wp-content/plugins/weather-map/assets/js/weather-map.js
  • /wp-content/plugins/weather-map/assets/js/admin-settings.js
Version Parameters
  • weather-map/assets/lib/leaflet/leaflet.css?ver=
  • weather-map/assets/lib/leaflet/leaflet.js?ver=
  • weather-map/assets/css/weather-map.css?ver=
  • weather-map/assets/js/weather-map.js?ver=
  • weather-map/assets/js/admin-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • weather-map-loading-overlay
  • spinner
HTML Comments
  • <!-- How to use: To embed the weather map on any page or post, use the shortcode: -->
  • <!-- Note: Each coordinate you add will result in a separate API request every time the map loads or refreshes. -->
  • <!-- For example, 5 coordinates = 5 API calls per page load. -->
  • <!-- To help reduce usage, this plugin uses a <strong>15-minute cache</strong> per coordinate. Data will not be refreshed again within that time. -->
  • (+1 more)
Data Attributes
  • weathermap_settings_group
  • weathermap_weather_api_key
  • weathermap_coordinates_list
  • weathermap_settings_section
  • weathermap_weather_map
  • weathermap-test-api-btn
  • (+2 more)
JS Globals
weathermap_SettingsWeatherMapAdmin
REST Endpoints
/wp-json/weather-map/v1/get-weather
Shortcode Output
<div id="map-container" style="position: relative;"><div id="weather-map" style="height: 400px;"></div><div id="weather-map-loading-overlay" class="weather-map-loading-overlay" style="display: none;"><div class="spinner"></div></div></div>