[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFBjk07FmHz9vefCs_jNPejj9kefPqx8qR96pxtA1ROs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":33,"fingerprints":135},"wf-weather","WF Weather","0.9.1","wunderfarm","https:\u002F\u002Fprofiles.wordpress.org\u002Fwunderfarm\u002F","\u003Cp>WF Weather is the \u003Ccode>wunderfarm-way\u003C\u002Fcode> to integrate weather information provided by various providers in a truly responsive box. Very easy, 100% responsive, fast and SEO-friendly!\u003C\u002Fp>\n\u003Cp>It supports the integration of South Tyrolean weather information provided by provinz.bz.it\u002Fwetter (7 districts).\u003C\u002Fp>\n","WF Weather allows the user to integrate weather information provided by various providers.",10,3057,0,"2022-08-19T12:21:00.000Z","6.0.11","3.0.1","",[],"http:\u002F\u002Fwww.wunderfarm.com\u002Fplugins\u002Fwf-weather","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwf-weather.0.9.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},3,11010,90,2093,72,"2026-04-04T21:15:50.997Z",[],{"attackSurface":34,"codeSignals":71,"taintFlows":124,"riskAssessment":125,"analyzedAt":134},{"hooks":35,"ajaxHandlers":55,"restRoutes":56,"shortcodes":57,"cronEvents":70,"entryPointCount":26,"unprotectedCount":13},[36,42,46,51],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_menu","add_plugin_page","includes\\wf_weather_settings.php",16,{"type":37,"name":43,"callback":44,"file":40,"line":45},"admin_init","page_init",17,{"type":37,"name":47,"callback":48,"file":49,"line":50},"init","wf_weather_load_translations","wf-weather.php",20,{"type":37,"name":52,"callback":53,"file":49,"line":54},"wp_enqueue_scripts","wf_weather_scripts",35,[],[],[58,63,66],{"tag":59,"callback":60,"file":61,"line":62},"wf_stw_weather_forecast","wf_weather_forecast_handler","includes\\wf_weather_shortcodes.php",209,{"tag":64,"callback":60,"file":61,"line":65},"wf_weather_forecast",210,{"tag":67,"callback":68,"file":61,"line":69},"wf_weather_text","wf_weather_text_handler",211,[],{"dangerousFunctions":72,"sqlUsage":73,"outputEscaping":75,"fileOperations":13,"externalRequests":122,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":123},[],{"prepared":13,"raw":13,"locations":74},[],{"escaped":13,"rawEcho":76,"locations":77},25,[78,81,82,84,86,88,89,91,92,94,96,98,100,102,103,105,106,108,109,111,113,114,116,118,120],{"file":61,"line":79,"context":80},80,"raw output",{"file":61,"line":79,"context":80},{"file":61,"line":83,"context":80},82,{"file":61,"line":85,"context":80},83,{"file":61,"line":87,"context":80},89,{"file":61,"line":87,"context":80},{"file":61,"line":90,"context":80},96,{"file":61,"line":90,"context":80},{"file":61,"line":93,"context":80},100,{"file":61,"line":95,"context":80},103,{"file":61,"line":97,"context":80},106,{"file":61,"line":99,"context":80},109,{"file":61,"line":101,"context":80},118,{"file":61,"line":101,"context":80},{"file":61,"line":104,"context":80},125,{"file":61,"line":104,"context":80},{"file":61,"line":107,"context":80},189,{"file":61,"line":107,"context":80},{"file":61,"line":110,"context":80},191,{"file":61,"line":112,"context":80},192,{"file":61,"line":112,"context":80},{"file":61,"line":115,"context":80},195,{"file":61,"line":117,"context":80},196,{"file":61,"line":119,"context":80},198,{"file":61,"line":121,"context":80},199,1,[],[],{"summary":126,"deductions":127},"The wf-weather plugin version 0.9.1 presents a mixed security profile.  On the positive side, the plugin exhibits good practices in database interaction, with 100% of its SQL queries using prepared statements.  Furthermore, there are no known vulnerabilities or CVEs associated with this plugin, suggesting a history of relative stability and potentially good development attention.  The attack surface, while consisting of 3 shortcodes, is currently reported as unprotected by any authentication or capability checks, which is a significant concern.  A critical weakness lies in the output escaping, where none of the 25 identified outputs are properly escaped. This creates a high risk of cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website through the plugin's functionalities.\n\nWhile the static analysis shows no dangerous functions, file operations, or critical taint flows, the complete lack of output escaping is a major red flag. The absence of nonce checks and capability checks on its entry points (shortcodes in this case) further exacerbates the risk. The fact that there are no previously recorded vulnerabilities might be misleading, as the underlying weaknesses in output handling and authorization could still be exploited.  In conclusion, the plugin has strengths in its database security but significant weaknesses in output sanitization and access control, making it a moderate to high risk for XSS and potentially other injection attacks.",[128,130,132],{"reason":129,"points":50},"Unescaped output on all outputs",{"reason":131,"points":11},"No capability checks on entry points",{"reason":133,"points":11},"No nonce checks on entry points","2026-03-17T00:18:08.761Z",{"wat":136,"direct":143},{"assetPaths":137,"generatorPatterns":139,"scriptPaths":140,"versionParams":141},[138],"\u002Fwp-content\u002Fplugins\u002Fwf-weather\u002Fcss\u002Fwf-weather.css",[],[],[142],"wf-weather.css?ver=",{"cssClasses":144,"htmlComments":154,"htmlAttributes":155,"restEndpoints":158,"jsGlobals":159,"shortcodeOutput":160},[145,146,147,148,149,150,151,152,153],"wf-weather-forecast","wf-title","wf-weather-forecast col-3","forecast","temperature","rainfall","thunderstorm","freeze","general",[],[156,157],"data-district","data-lang",[],[],[161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180],"\u003Cdiv class=\"wf-weather-forecast","\u003Ch2 class=\"wf-title\">","\u003Cdiv class=\"container\">","\u003Cdiv class=\"forecast\">","\u003Cspan class=\"title\"","\u003Cdiv class=\"section general\">","\u003Cimg src=","\u003Cdiv class=\"section temperature\">","\u003Cspan class=\"temp min\">","\u003Cspan class=\"temp max\">","\u003Cdiv class=\"section rainfall\">","\u003Cspan class=\"data rainfall\">","\u003Cdiv class=\"rainfall-probability\">","\u003Cspan class=\"data bar-container part1\">","\u003Cspan class=\"data bar-container part2\">","\u003Cspan class=\"data bar-container part3\">","\u003Cspan class=\"data bar-container part4\">","\u003Cdiv class=\"section thunderstorm\">","\u003Cspan class=\"data bar-container thunderstorm\">","\u003Cdiv class=\"section freeze\">"]