[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmENjlG6bimquzQSZid5UbgBDcLCGLdtFZcrrcTNHX2E":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":52,"analysis":146,"fingerprints":273},"wetterwarner","Wetterwarner","2.8","Tim","https:\u002F\u002Fprofiles.wordpress.org\u002Fbocanegra\u002F","\u003Cp>Wetterwarner zeigt amtliche Wetterwarnungen für Deine eingestellte Region in einem Widget an.\u003C\u002Fp>\n\u003Cp>Optional kann eine Wetterkarte angezeigt werden. Die Karte aktualisiert sich selbstständig und wird herausgegeben vom Deutschen Wetterdienst.\u003C\u002Fp>\n\u003Cp>Funktionen im Überblick:\u003Cbr \u002F>\n* Anzeige von beliebig vielen Wetterwarnungen\u003Cbr \u002F>\n* Widget Texte komplett frei einstellbar\u003Cbr \u002F>\n* Einfache Integration in WordPress Theme\u003Cbr \u002F>\n* Cache Funktion welche die Daten auf deinem Webspace zwischengespeichert, um die benötigten Daten schneller zu laden\u003Cbr \u002F>\n* Optional: Wetterkarte in anpassbarer Größe\u003Cbr \u002F>\n* Optional: Mouseover Effekt – Erweiterter Warnungstext wird angezeigt\u003Cbr \u002F>\n* Optional: Icons vor den Wettermeldungen\u003Cbr \u002F>\n* Und vieles mehr…\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fit93.de\u002Fprojekte\u002Fwetterwarner\u002Fdemo\" rel=\"nofollow ugc\">Live Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Wichtige Informationen zum Bild\u003C\u002Fh4>\n\u003Cp>Die verwendete Wetterkarte entstammt der Seite www.dwd.de – Beim Aufrufen des Widgets wird das Bild (SSL verschlüsselt) von einer externen Seite geladen. Sämtliche Bildrechte liegen bei dem Betreiber. Ich weise ausdrücklich darauf hin, im Namen des Betreibers, dass das Bild nicht verändert werden darf!\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.wettergefahren.de\u002Fcopyright.html\" rel=\"nofollow ugc\">Weitere Informationen\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Wichtige Informationen zur Informations Quelle\u003C\u002Fh4>\n\u003Cp>Als Quelle der Informationen werden RSS Feeds der Webseite http:\u002F\u002Fwettwarn.de genutzt. Diese Seite nutzt amtliche Meldungen des Deutschen Wetterdienst. Sämtliche Urheberrechte verbleiben bei dem Betreiber.\u003C\u002Fp>\n\u003Ch4>Weitere Informationen\u003C\u002Fh4>\n\u003Cp>Dieses Plugin sollte in keinem Fall einer amtlichen Informationsquelle vorgezogen werden. Die Meldungen können teilweise gekürzt sein.\u003C\u002Fp>\n\u003Cp>Das Plugin “Wetterwarner” wurde nach bestem Wissen und Gewissen erstellt und getestet. Ich hafte nicht für entstadene Schäden, Fehlfunktionen, Verstöße gegen geltendes Urheber- und\u002Foder Datenschutzrecht. Nur für die Nutzung in Deutschland vorgesehen. Generelle Nutzung auf eigene Gefahr! In keinster Weise steht dieses Plugin in Verbindung mit der gleichnamigen Android\u002FiOS App.\u003Cbr \u002F>\nAlle vom Plugin initiierte Verbindungen zu externen Servern werden per SSL abgesichert.\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ffontawesome.io\" rel=\"nofollow ugc\">Font Awesome\u003C\u002Fa> by Dave Gandy\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fnicolashoening.de?twocents&nr=8\" rel=\"nofollow ugc\">PopUp text boxes\u003C\u002Fa> by Nicolas Höning\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Ferikflowers.github.io\u002Fweather-icons\u002F\" rel=\"nofollow ugc\">Weather Icons project\u003C\u002Fa> by Erik Flowers\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkallookoo\u002Fwp-color-picker-alpha\" rel=\"nofollow ugc\">wp-color-picker-alpha\u003C\u002Fa>\u003C\u002Fp>\n","Wetterwarner zeigt amtliche Wetterwarnungen für Deine eingestellte Region in einem Widget an.",500,31568,100,6,"2025-11-18T22:47:00.000Z","6.9.4","5.8","7.4",[20,21,22,23,24],"sturm","unwetter","warnung","wetter","wetterdienst","https:\u002F\u002Fit93.de\u002Fprojekte\u002Fwetterwarner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwetterwarner.2.8.zip",99,1,0,"2025-04-09 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-32489","wetterwarner-authenticated-administrator-stored-cross-site-scripting","Wetterwarner \u003C= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Wetterwarner plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=2.7.2","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-30 13:37:03",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2ba73538-fa6b-43d2-8253-759ee962c838?source=api-prod",22,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":47,"trust_score":50,"computed_at":51},"bocanegra",93,"2026-04-05T08:49:54.540Z",[53,74,90,108,127],{"slug":54,"name":55,"version":56,"author":54,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":13,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":71,"download_link":72,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wettervorhersage","Wettervorhersage","1.0.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fwettervorhersage\u002F","\u003Cp>Wettervorhersage widget is a free weather forecasting widget for your beautiful wordpress website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Supported in German and English\u003C\u002Fli>\n\u003Cli>The widget is responsive, perfect for mobile and desktop.\u003C\u002Fli>\n\u003Cli>Widget style like background and color can be customized\u003C\u002Fli>\n\u003Cli>No development skills are needed\u003C\u002Fli>\n\u003Cli>High performance and lightweight code\u003C\u002Fli>\n\u003Cli>SEO friendly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>** For special customization requests please contact this mail -> wettervorhersage@wetter2.com\u003C\u002Fp>\n\u003Cp>The Wettervorhersage plugin is relying on a 3rd party as a service, the widget is using weather services provided by wetter2.com.\u003Cbr \u002F>\n* Service provider link – https:\u002F\u002Fwww.wetter2.com\u003Cbr \u002F>\n* Service provider terms of use link – https:\u002F\u002Fwww.wetter2.com\u002Fterms\u003Cbr \u002F>\n* Service privacy policy link – https:\u002F\u002Fwww.wetter2.com\u002Fprivacy\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Get the new and amazing weather forecast widget, select location and colors, responsive widget.",2000,15606,4,"2024-02-29T18:38:00.000Z","6.4.8","4.0.1","",[68,69,70,23,54],"klima","vreme","weather","https:\u002F\u002Fwww.wetter2.com\u002Fwidgets","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwettervorhersage.zip",85,{"slug":23,"name":75,"version":56,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":65,"requires_php":66,"tags":86,"homepage":71,"download_link":89,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"Wetter2","wetter2","https:\u002F\u002Fprofiles.wordpress.org\u002Fwetter2\u002F","\u003Cp>The best German weather forecast widget plugin!\u003C\u002Fp>\n\u003Cp>Wetter2.com offers an accurate weather forecast for all cities around the world.\u003Cbr \u002F>\nJust set the city and country and embed the widget in your website\u002Fblog.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Widgets are free of charge\u003C\u002Fli>\n\u003Cli>Widget style can be customized\u003C\u002Fli>\n\u003Cli>Responsive weather widget\u003C\u002Fli>\n\u003Cli>No development skills are needed\u003C\u002Fli>\n\u003Cli>High performance and lightweight code\u003C\u002Fli>\n\u003Cli>SEO friendly – no iframes\u003C\u002Fli>\n\u003Cli>Select your display language – German\u002FEnglish\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>** For special customization requests please contact this mail -> contact@wetter2.com\u003C\u002Fp>\n","Beautiful English\u002FGerman weather forecast widget, All locations around the world, no need for API key.",300,4627,84,5,"2021-07-16T07:01:00.000Z","5.8.13",[87,68,23,88,54],"heutige-wetter","wetter-deutschland","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwetter.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":13,"num_ratings":28,"last_updated":100,"tested_up_to":101,"requires_at_least":6,"requires_php":66,"tags":102,"homepage":106,"download_link":107,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"my-weather","My Weather","1.1","enclick","https:\u002F\u002Fprofiles.wordpress.org\u002Fenclick\u002F","\u003Cp>Display the weather for your city on the sidebar. Select from various layouts, designs and colours\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Select your country and city, check \u003Ca href=\"http:\u002F\u002Fopenweather.com\" title=\"Weather round the world\" rel=\"nofollow ugc\">openweather.com\u003C\u002Fa> database of over 60,000 cities\u003C\u002Fli>\n\u003Cli>Select from a range of small to large widget designs\u003C\u002Fli>\n\u003Cli>Select centigrade or fahrenheit\u003C\u002Fli>\n\u003Cli>Select custom text and backround colours\u003C\u002Fli>\n\u003Cli>Examples of the weather widgets can be found at \u003Ca href=\"http:\u002F\u002Fwww.openweather.com\u002Fwordpress.phtml\" title=\"wordpress weather plugins\" rel=\"nofollow ugc\">openweather.com\u002Fwordpress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Display the weather for your city on the sidebar. Select from various layouts, designs and colours",200,52906,"2015-04-24T14:08:00.000Z","4.2.39",[103,104,70,105,23],"el-tiempo","meteo","weather-forecast","http:\u002F\u002Fweatherforecastmap.com\u002Fwordpress.phtml","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmy-weather.1.1.zip",{"slug":109,"name":110,"version":93,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":117,"num_ratings":118,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":66,"tags":122,"homepage":125,"download_link":126,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"das-wetter-von-wettercom","Das Wetter von wetter.com","wettercom","https:\u002F\u002Fprofiles.wordpress.org\u002Fwettercom\u002F","\u003Cp>Mehr Informationen zum Plugin finden Sie unter http:\u002F\u002Fwww.wetter.com\u002Fservices\u002Fwetter_tools\u002Fwordpress_plugin\u002F. Damit Sie die Wetterdaten abrufen können, benötigen Sie einen Zugang zu unserer openweather Schnittstelle.\u003C\u002Fp>\n\u003Cp>The current version of this plugin is only available in German.\u003C\u002Fp>\n","Das Wetter Plugin für Wordpress von wetter.com zeigt aktuelle Wetterinformationen für die Stadt deiner Wahl an. Das Plugin ist leicht zu installieren  &hellip;",50,8839,30,2,"2017-05-03T07:52:00.000Z","4.7.32","3.0",[123,104,124,70,23],"forecast","vorhersage","http:\u002F\u002Fwww.wetter.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdas-wetter-von-wettercom.1.1.zip",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":135,"num_ratings":28,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":66,"tags":140,"homepage":144,"download_link":145,"security_score":73,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"weather-for-germany","schmie_Wetter","1.4.4","schmiddim","https:\u002F\u002Fprofiles.wordpress.org\u002Fschmiddim\u002F","\u003Cp>Update 5.06.11\u003Cbr \u002F>\nIcons werden wieder angezeigt, optional können Temperatur-Tagesmaximum -Tagesminimum ausgegeben werden.\u003Cbr \u002F>\nDas Widget zeigt das Wetter in Deiner Stadt an; geb einfach deine Postleitzahl ein und\u003Cbr \u002F>\nfuer wieviele Tage Du eine Prognose moechtest. Neu hinzugekommen ist die Möglichkeit einen eigenen\u003Cbr \u002F>\nOrtsnamen zu verwenden. Durch Andreas Gregor (www.andreasgregor.de) wurde das Layout verbessert.\u003C\u002Fp>\n\u003Ch3>schmie_Wetter\u003C\u002Fh3>\n\u003Cp>author Schmitt, Michael\u003Cbr \u002F>\nTags weather, germany, by igoogle\u003C\u002Fp>\n","Update 5.06.11",20,7839,"2011-08-13T08:00:00.000Z","3.1.4","2.0.2",[141,142,143,70,23],"deutschland","german-weather","germany","http:\u002F\u002Fschmiddi.co.cc\u002Fwordpress_plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fweather-for-germany.zip",{"attackSurface":147,"codeSignals":206,"taintFlows":262,"riskAssessment":263,"analyzedAt":272},{"hooks":148,"ajaxHandlers":199,"restRoutes":200,"shortcodes":201,"cronEvents":202,"entryPointCount":29,"unprotectedCount":29},[149,155,159,163,166,171,175,179,183,186,191,195],{"type":150,"name":151,"callback":152,"file":153,"line":154},"action","admin_menu","wetterwarner_add_admin_menu","wetterwarner-settings.php",10,{"type":150,"name":156,"callback":157,"file":153,"line":158},"admin_init","wetterwarner_settings_init",11,{"type":150,"name":160,"callback":161,"file":153,"line":162},"admin_enqueue_scripts","wetterwarner_admin_scripts",12,{"type":150,"name":156,"callback":164,"file":153,"line":165},"closure",110,{"type":150,"name":167,"callback":168,"file":169,"line":170},"wp_enqueue_scripts","enqueueStyleAndScripts","wetterwarner.php",45,{"type":150,"name":172,"callback":173,"file":169,"line":174},"widgets_init","wetterwarner_init_widget",490,{"type":150,"name":176,"callback":177,"file":169,"line":178},"plugins_loaded","wetterwarner_load_textdomain",492,{"type":150,"name":180,"callback":181,"priority":154,"file":169,"line":182},"upgrader_process_complete","wetterwarner_upgrade_completed",493,{"type":150,"name":184,"callback":184,"file":169,"line":185},"wetterwarner_data_update",494,{"type":187,"name":188,"callback":189,"file":169,"line":190},"filter","debug_information","wetterwarner_debug_info",495,{"type":187,"name":192,"callback":193,"file":169,"line":194},"site_status_tests","wetterwarner_add_konfig_check",496,{"type":187,"name":196,"callback":197,"file":169,"line":198},"cron_schedules","wetterwarner_cron_schedule",497,[],[],[],[203],{"hook":184,"callback":184,"file":204,"line":205},"wetterwarner-functions.php",468,{"dangerousFunctions":207,"sqlUsage":208,"outputEscaping":210,"fileOperations":118,"externalRequests":118,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":261},[],{"prepared":29,"raw":29,"locations":209},[],{"escaped":211,"rawEcho":212,"locations":213},139,23,[214,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259],{"file":153,"line":215,"context":216},146,"raw output",{"file":169,"line":218,"context":216},120,{"file":169,"line":220,"context":216},126,{"file":169,"line":222,"context":216},127,{"file":169,"line":224,"context":216},130,{"file":169,"line":226,"context":216},142,{"file":169,"line":228,"context":216},154,{"file":169,"line":230,"context":216},166,{"file":169,"line":232,"context":216},178,{"file":169,"line":234,"context":216},191,{"file":169,"line":236,"context":216},201,{"file":169,"line":238,"context":216},205,{"file":169,"line":240,"context":216},230,{"file":169,"line":242,"context":216},242,{"file":169,"line":244,"context":216},254,{"file":169,"line":246,"context":216},266,{"file":169,"line":248,"context":216},278,{"file":169,"line":250,"context":216},290,{"file":169,"line":252,"context":216},302,{"file":169,"line":254,"context":216},314,{"file":169,"line":256,"context":216},331,{"file":169,"line":258,"context":216},440,{"file":169,"line":260,"context":216},475,[],[],{"summary":264,"deductions":265},"The plugin 'wetterwarner' v2.8 exhibits a mixed security posture.  On the positive side, the static analysis reveals a clean slate regarding dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), and taint analysis shows no critical or high severity unsanitized flows. The plugin also demonstrates good practices in output escaping, with a high percentage of outputs being properly handled. However, there are notable areas of concern. The complete absence of nonce checks and capability checks, particularly across the plugin's entry points, is a significant security weakness. While the attack surface is reported as zero unprotected entry points, the lack of these fundamental security mechanisms on the cron event means that any code executed by it could be triggered maliciously if an attacker can influence the cron job execution.  The vulnerability history indicates a past Cross-site Scripting (XSS) vulnerability, and while currently unpatched vulnerabilities are zero, the presence of a previous XSS issue suggests that such vulnerabilities are within the plugin's historical risk profile and diligent code review is essential to prevent their recurrence. Overall, while the immediate static analysis suggests a low risk of direct code execution or data compromise through common web vulnerabilities, the lack of authentication and authorization checks on its cron event and the historical XSS issue warrant careful consideration.",[266,268,270],{"reason":267,"points":154},"Missing nonce checks on entry points",{"reason":269,"points":154},"Missing capability checks on entry points",{"reason":271,"points":83},"Historical XSS vulnerability","2026-03-16T19:34:28.237Z",{"wat":274,"direct":283},{"assetPaths":275,"generatorPatterns":278,"scriptPaths":279,"versionParams":280},[276,277],"\u002Fwp-content\u002Fplugins\u002Fwetterwarner\u002Fcss\u002Fwetterwarner-styles.css","\u002Fwp-content\u002Fplugins\u002Fwetterwarner\u002Fjs\u002Fwetterwarner-script.js",[],[277],[281,282],"wetterwarner-styles.css?ver=","wetterwarner-script.js?ver=",{"cssClasses":284,"htmlComments":288,"htmlAttributes":291,"restEndpoints":295,"jsGlobals":296,"shortcodeOutput":297},[285,286,287],"wetterwarner-widget","wetterwarner-intro","wetterwarner-map",[289,290],"\u003C!-- Wetterwarner Widget Starts -->","\u003C!-- Wetterwarner Widget Ends -->",[292,293,294],"data-feed-id","data-max-messages","data-region-name",[],[5],[298,299,300],"\u003Cdiv class=\"wetterwarner-widget\">","\u003Cdiv class=\"wetterwarner-warning\">","\u003Cdiv class=\"wetterwarner-map-container\">"]