WeatherBot Weather Widget Security & Risk Analysis

wordpress.org/plugins/weatherbot

Live weather for any location using Google Weather API. Add an ADA enhanced Weather Block, Widget, or Shortcode. Precision-crafted for simplicity.

30 active installs · v1.2.0 · PHP 7.4+ · WP 6.0+ · Updated Oct 21, 2025
Tags: google-weather, live-weather, local-weather, weather, weather-widget
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WeatherBot Weather Widget Safe to Use in 2026?

Generally Safe

Score 100/100

WeatherBot Weather Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The "weatherbot" plugin version 1.2.0 exhibits a generally good security posture, with several positive indicators. The complete absence of dangerous functions, raw SQL queries, and identified taint flows is highly encouraging. Furthermore, the plugin has no recorded vulnerability history, suggesting a stable and well-maintained codebase. The presence of nonce and capability checks, along with a high percentage of properly escaped output, indicates adherence to common WordPress security best practices.

However, there are specific areas of concern that warrant attention. The plugin exposes one unprotected REST API route, creating a potential entry point for unauthorized access or manipulation. While the static analysis doesn't reveal direct SQL injection or critical taint issues, an unprotected endpoint could be leveraged to exploit other, less obvious vulnerabilities or to perform actions that might have security implications if improperly handled. The external HTTP requests, while not inherently a vulnerability, should be monitored for potential risks if the target services are compromised.

In conclusion, "weatherbot" v1.2.0 is a relatively secure plugin, particularly strong in its absence of common critical vulnerabilities and its use of prepared statements. The primary weakness lies in the single unprotected REST API route, which represents an unnecessary attack surface. Addressing this specific point would significantly bolster the plugin's overall security. The lack of historical vulnerabilities is a positive sign of the developer's attention to security.

Key Concerns

  • Unprotected REST API route
  • 1 REST API route without permission callbacks
  • 68% output properly escaped
Vulnerabilities
None known

WeatherBot Weather Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WeatherBot Weather Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 89 (188 escaped)
Nonce Checks: 2
Capability Checks: 5
File Operations: 0
External Requests: 3
Bundled Libraries: 0

Output Escaping

68% escaped, 277 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
render_page (src\Admin\Settings.php:391)
Attack Surface
1 unprotected

WeatherBot Weather Widget Attack Surface

Entry Points: 3
Unprotected: 1

REST API Routes 1

GET /wp-json/weatherbot/v1/live src\Rest\LiveController.php:13

Shortcodes 2

[weather_bot] src\Shortcodes\Shortcode.php:29
[weatherbot] src\Shortcodes\Shortcode.php:30
WordPress Hooks 27
filter the_content includes\shortcode-autop-guard.php:29
filter term_description includes\shortcode-autop-guard.php:30
filter widget_text includes\shortcode-autop-guard.php:32
filter the_content includes\shortcode-autop-guard.php:35
filter term_description includes\shortcode-autop-guard.php:36
filter widget_text includes\shortcode-autop-guard.php:37
action admin_menu src\Admin\Usage_Dashboard.php:22
action admin_post_roxxi_weather_reset_metrics src\Admin\Usage_Dashboard.php:23
action admin_post_roxxi_weather_flush_geocodes src\Admin\Usage_Dashboard.php:24
action wp_enqueue_scripts src\Frontend\Assets.php:27
filter term_description src\Frontend\Renderer.php:336
filter term_description src\Frontend\Renderer.php:337
action admin_menu src\Plugin.php:52
action admin_init src\Plugin.php:53
action init src\Plugin.php:56
action wp src\Plugin.php:57
action widgets_init src\Plugin.php:60
action rest_api_init src\Plugin.php:63
action wp_head src\Shortcodes\Shortcode.php:31
action admin_notices weatherbot.php:60
action plugins_loaded weatherbot.php:86
action admin_notices weatherbot.php:91
action init weatherbot.php:106
filter plugin_row_meta weatherbot.php:156
action rest_api_init weatherbot.php:169
action init weatherbot.php:174
action rx_weatherbot_refresh_weather weatherbot.php:291

Scheduled Events 2

rx_weatherbot_refresh_weather
rx_weatherbot_refresh_weather
Maintenance & Trust

WeatherBot Weather Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 21, 2025
PHP min version: 7.4
Downloads: 891

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 30
Developer Profile

WeatherBot Weather Widget Developer Profile

RoxxiStudios

1 plugin · 30 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WeatherBot Weather Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/weatherbot/assets/css/weather-bot.css
Script Paths
/wp-content/plugins/weatherbot/blocks/weatherbot/index.js
Version Parameters
weatherbot/assets/css/weather-bot.css?ver=
weatherbot/blocks/weatherbot/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
weatherbot
Data Attributes
data-wp-block="weatherbot/weatherbot"
JS Globals
WeatherBot
REST Endpoints
/wp-json/weatherbot/v1/live
Shortcode Output
[weatherbot
[weatherbot city=
FAQ

Frequently Asked Questions about WeatherBot Weather Widget