Does WindyCoat have any unpatched vulnerabilities?

No. All known vulnerabilities in WindyCoat have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WindyCoat compatible with WordPress 5.9.13?

According to WordPress.org data, WindyCoat 1.3.0 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

Is WindyCoat compatible with PHP 7.0+?

WindyCoat requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WindyCoat updated?

WindyCoat was last updated on Unknown. Frequent updates are generally a positive security signal.

What is WindyCoat's security score?

WindyCoat has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WindyCoat Security & Risk Analysis

wordpress.org/plugins/windycoat

CSS Overrides

0 active installs v1.3.0 PHP 7.0+ WP 5.4+ Updated Unknown

current-conditionslocation-weatherweatherweather-widgetwordpress-weather-plugin

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WindyCoat Safe to Use in 2026?

Generally Safe

Score 100/100

WindyCoat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The 'windycoat' plugin v1.3.0 presents a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, exclusively using prepared statements for SQL queries, and generally performing adequate output escaping. The absence of known vulnerabilities and critical taint flows is also a strong indicator of a relatively secure codebase. However, significant concerns arise from its attack surface. The plugin exposes one REST API route without any permission callbacks, making it a potential entry point for unauthorized access or manipulation if sensitive data or functionality is handled. Furthermore, the complete lack of nonce checks and capability checks across its entry points is a critical oversight, leaving it vulnerable to various attack vectors, including Cross-Site Request Forgery (CSRF) and privilege escalation if the exposed REST API route is exploited.

Key Concerns

REST API route without permission callback
No nonce checks
No capability checks
Unescaped output identified

Vulnerabilities

None known

WindyCoat Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WindyCoat Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

74% escaped19 total outputs

Attack Surface

1 unprotected

WindyCoat Attack Surface

Entry Points2

Unprotected1

REST API Routes 1

GET/wp-json/windycoat/v1/weather/(?P<type>\S+)windycoat.php:47

Shortcodes 1

[wc_weather] windycoat.php:42

WordPress Hooks 10

filterscript_loader_tagwindycoat.php:39

actionwp_enqueue_scriptswindycoat.php:40

actionafter_setup_themewindycoat.php:43

actioncarbon_fields_register_fieldswindycoat.php:44

actionplugins_loadedwindycoat.php:45

actionrest_api_initwindycoat.php:46

actionwpwindycoat.php:52

actionwc_sync_weatherwindycoat.php:53

actionadmin_enqueue_scriptswindycoat.php:54

actionadmin_noticeswindycoat.php:55

Scheduled Events 1

wc_sync_weather

Maintenance & Trust

WindyCoat Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedUnknown

PHP min version7.0

Downloads732

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

WindyCoat Alternatives

Location Weather

pflegekorb-open-weather

Location Weather is a flexible and easy to use weather plugin that allows you to add unlimited weather widgets and get up-to-date weather information …

10 No CVEs