Does Weather Widget WP have any unpatched vulnerabilities?

No. All known vulnerabilities in Weather Widget WP have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Weather Widget WP compatible with WordPress 6.1.10?

According to WordPress.org data, Weather Widget WP 1.0.0 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

Is Weather Widget WP compatible with PHP 5.6+?

Weather Widget WP requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Weather Widget WP updated?

Weather Widget WP was last updated on Nov 8, 2022. Frequent updates are generally a positive security signal.

What is Weather Widget WP's security score?

Weather Widget WP has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Weather Widget WP Security & Risk Analysis

wordpress.org/plugins/weather-widget-wp

Display weather information for a specific location.

300 active installs v1.0.0 PHP 5.6+ WP 5.0+ Updated Nov 8, 2022

current-weathertemptemperaturetoday-weatherweather

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Weather Widget WP Safe to Use in 2026?

Generally Safe

Score 85/100

Weather Widget WP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The 'weather-widget-wp' plugin version 1.0.0 demonstrates a generally strong security posture based on the provided static analysis. It effectively utilizes prepared statements for all SQL queries and properly escapes all output, which are critical security best practices. The absence of dangerous functions, file operations, and known vulnerabilities further strengthens its profile. However, the complete lack of nonce checks across its entry points, particularly the AJAX handlers and REST API routes, presents a significant concern. While the analysis reports no direct indication of unsanitized paths or exploitable taint flows in this version, the absence of nonces means these entry points could be susceptible to Cross-Site Request Forgery (CSRF) attacks if malicious actors can trick authenticated users into triggering them. The plugin's vulnerability history being clear is a positive sign, suggesting it has been developed with security in mind, but it does not negate the inherent risk posed by missing CSRF protection mechanisms.

Key Concerns

Missing Nonce Checks

Vulnerabilities

None known

Weather Widget WP Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Weather Widget WP Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

23 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

100% escaped23 total outputs

Attack Surface

Weather Widget WP Attack Surface

Entry Points3

Unprotected0

REST API Routes 2

GET/wp-json/weather-widget-wp/api/settingsadmin\routes.php:16

POST/wp-json/weather-widget-wp/api/settingsadmin\routes.php:21

Shortcodes 1

[weather_widget_wp_location] includes\shortcodes.php:201

WordPress Hooks 7

actionrest_api_initadmin\routes.php:27

actionadmin_menuadmin\settings-page.php:27

actionadmin_enqueue_scriptsadmin\settings-page.php:48

actioninitadmin\settings-page.php:59

actionwp_enqueue_scriptsincludes\enqueued.php:17

actioninitincludes\enqueued.php:29

actionplugins_loadedweather-widget-wp.php:41

Maintenance & Trust

Weather Widget WP Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedNov 8, 2022

PHP min version5.6

Downloads5K

Community Trust

Rating90/100

Number of ratings2

Active installs300

Alternatives

Weather Widget WP Alternatives

Meteo

meteoart

100

Add an accurate French weather forecast to your site. Choose any city and country, then embed the customizable MeteoArt widget.

800 No CVEs

m1.MiniWeather

m1miniweather

This plugin easily displays a weather widget (icon + temperature) with a destination of your choice.

400 No CVEs

Clima

clima

Este plugin te permite traer los datos del clima de yahoo clima, vas a levantar la temperatura pudiendo eleigir entre

60 No CVEs

Vejret Widget

vejret-widget

This is a Danish weather forecast widget, Just select your location and you are good to go!

40 No CVEs

Aviation Weather Briefing

aviation-weather-briefing

Display the most important Aviation Weather information such as METAR,TAF,Significant Weather and Upper Winds and Temperature.

30 No CVEs

Developer Profile

Weather Widget WP Developer Profile

ajdethemes

1 plugin · 300 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Weather Widget WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/weather-widget-wp/assets/fonts/weather-widget-wp-icons/weather-widget-wp-icons.css/wp-content/plugins/weather-widget-wp/assets/css/main.css/wp-content/plugins/weather-widget-wp/build/admin/index.css/wp-content/plugins/weather-widget-wp/build/admin/index.js

Script Paths

/wp-content/plugins/weather-widget-wp/build/admin/index.js

Version Parameters

weather-widget-wp/assets/fonts/weather-widget-wp-icons/weather-widget-wp-icons.css?ver=weather-widget-wp/assets/css/main.css?ver=weather-widget-wp/build/admin/index.css?ver=weather-widget-wp/build/admin/index.js?ver=

HTML / DOM Fingerprints

CSS Classes

weather-widget-wp-settings-page

Data Attributes

data-block="weather-widget-wp/weather-widget-wp-block"

JS Globals

weatherWidgetWpObject

REST Endpoints

/wp-json/weather-widget-wp/api/settings

Shortcode Output

[weather_location

FAQ