[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQYVvnvXUErzr3fIzsS4E8p5-RCqj-Kqd1gRNwYwX8mM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":116,"fingerprints":181},"wp-taf-metar-widget","taf-metar-widget","1.0.4","wptechnology","https:\u002F\u002Fprofiles.wordpress.org\u002Fwptechnology\u002F","\u003Cp>WP TAF METAR Widget is a plugin that allows you to show the TAF or METAR (aviation weather) information from any airport directly to your WordPress WebSite, by just giving the ICAO code of the wanted airport. You can of course place more than one widget on your page, with different settings \u002F airports. The information come directly from AviationWeather.gov databases.\u003C\u002Fp>\n","This Widget allows you to show the TAF or METAR (aviation weather) information for any airport directly to your WordPress WebSite.",20,1876,90,2,"2016-11-02T13:57:00.000Z","4.6.30","3.4","",[20,21,22,23,24],"aviation","metar","taf","weather","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-taf-metar-widget.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,84,"2026-04-05T05:47:16.852Z",[37,53,70,85,105],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":27,"num_ratings":27,"last_updated":47,"tested_up_to":48,"requires_at_least":17,"requires_php":18,"tags":49,"homepage":51,"download_link":52,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"aviationweather-widget","AviationWeather Plugin","1.1","alessiobravi","https:\u002F\u002Fprofiles.wordpress.org\u002Falessiobravi\u002F","\u003Cp>aviationweather-widget will display in the site the RAW METAR and TAF weather bulletin for the ICAO station selected in the widget administration panel.\u003Cbr \u002F>\nThe METAR and TAF data used is provided by AviationWeather.org\u003C\u002Fp>\n","A simple widget to display current METAR and TAF for the chosen ICAO Station.",10,2962,"2012-12-14T14:10:00.000Z","3.5.2",[20,50,21,22,24],"aviation-weather","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Faviationweather-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faviationweather-widget.zip",{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":33,"downloaded":61,"rating":13,"num_ratings":14,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":18,"tags":65,"homepage":68,"download_link":69,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"aviation-weather-briefing","Aviation Weather Briefing","1.0","xf117a","https:\u002F\u002Fprofiles.wordpress.org\u002Fxf117a\u002F","\u003Cp>Aviation Weather Briefing plugin allows the user to display and generate the basic Aviation Weather briefings.  This includes the latest METAR’s, TAF’s,\u003Cbr \u002F>\nSignificant Weather and Upper Winds and Temperature.  On submission of user inputs the plugin will fetch the data from NOAA servers and display them to the user.\u003C\u002Fp>\n\u003Cp>The WordPress site administrator can simply display modules for METAR and TAF, Significant Weather and Upper Winds and Temperature via the below shortcodes.\u003C\u002Fp>\n","Display the most important Aviation Weather information such as METAR,TAF,Significant Weather and Upper Winds and Temperature.",2230,"2015-01-31T10:54:00.000Z","4.1.42","3.0.1",[50,21,66,22,67],"significant-weather","upper-winds-and-temperature","http:\u002F\u002Fhowtoflyahelicopter.com\u002Faviation-weather-briefing\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faviation-weather-briefing.1.0.zip",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":45,"downloaded":78,"rating":27,"num_ratings":27,"last_updated":79,"tested_up_to":80,"requires_at_least":17,"requires_php":18,"tags":81,"homepage":83,"download_link":84,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"taf-widget","TAF plugin","0.1","mcantsin","https:\u002F\u002Fprofiles.wordpress.org\u002Fmcantsin\u002F","\u003Cp>TAF-widget lets you enter an ICAO station (airport) in the widget admin and will display the according TAF code as widget on your wordpress site.\u003Cbr \u002F>\nThe TAF data used is provided by NOAA.\u003C\u002Fp>\n","A simple widget to display the current TAF (Terminal aerodrome forecast) code for a chosen ICAO station.",1358,"2014-09-09T23:12:00.000Z","4.0.38",[21,82,22,23,24],"noaa","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftaf-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftaf-widget.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":93,"num_ratings":95,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":18,"tags":99,"homepage":101,"download_link":102,"security_score":103,"vuln_count":32,"unpatched_count":32,"last_vuln_date":104,"fetched_at":29},"aviation-weather-from-noaa","Aviation Weather from NOAA","0.7.2","machouinard","https:\u002F\u002Fprofiles.wordpress.org\u002Fmachouinard\u002F","\u003Cul>\n\u003Cli>Display METAR & TAF info from NOAA’s Aviation Digital Data Service\u003C\u002Fli>\n\u003Cli>Display up to 6 hours before now\u003C\u002Fli>\n\u003Cli>PIREPs up to 200sm\u003C\u002Fli>\n\u003Cli>Create multiple instances using either widget or shortcode\u003C\u002Fli>\n\u003Cli>WP-CLI Integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Gutenberg Block\u003C\u002Fh4>\n\u003Cp>A new \u003Ccode>AWFN Block\u003C\u002Fcode> can be found in the Widgets section.\u003C\u002Fp>\n\u003Ch4>Shortcode Usage: ( shown with defaults )\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[adds_weather apts='KSMF' hours=2 show_metar=1 show_taf=1 show_pireps=1 show_station_info=1 radial_dist=100 title='']\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Data is cached for 30 minutes using the WordPress Transients API.\u003C\u002Fp>\n\u003Ch4>Included Filter Hooks:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>adds_kses: Array of permitted HTML tags.\u003C\u002Fli>\n\u003Cli>adds_custom_css: URL of a user-supplied stylesheet.  Supplying a stylesheet in theme’s directory ( ‘css\u002Faviation_weather_from_noaa.css’ ) will also override stylesheet.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Styling\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Copy \u003Ccode>css\u002Faviation_weather_from_noaa.css\u003C\u002Fcode> from plugin directory into theme directory, keeping that file structure.\u003C\u002Fli>\n\u003Cli>Make desired changes.\u003C\u002Fli>\n\u003Cli>Plugin will load this stylesheet instead of its own.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Code and support available at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmachouinard\u002Faviation-weather-from-noaa\" title=\"GitHub Repo\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n","Aviation weather data from NOAA's Aviation Digital Data Service (ADDS)",100,7110,4,"2022-10-31T16:06:00.000Z","6.1.10","3.8",[20,21,82,100,23],"pireps","https:\u002F\u002Fgithub.com\u002Fmachouinard\u002Faviation-weather-from-noaa","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faviation-weather-from-noaa.0.7.2.zip",61,"2025-06-30 00:00:00",{"slug":106,"name":107,"version":73,"author":74,"author_profile":75,"description":108,"short_description":109,"active_installs":45,"downloaded":110,"rating":27,"num_ratings":27,"last_updated":111,"tested_up_to":112,"requires_at_least":17,"requires_php":18,"tags":113,"homepage":114,"download_link":115,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"metar-widget","METAR plugin","\u003Cp>METAR-widget lets you enter an ICAO station (airport) in the widget admin and will display the according METAR code as widget on your wordpress site.\u003Cbr \u002F>\nThe METAR data used is provided by NOAA.\u003C\u002Fp>\n","A simple widget to display the current METAR code (Pilot weather code) for a chosen ICAO station.",2568,"2012-10-26T00:27:00.000Z","3.4.2",[21,82,23,24],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmetar-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmetar-widget.zip",{"attackSurface":117,"codeSignals":129,"taintFlows":169,"riskAssessment":170,"analyzedAt":180},{"hooks":118,"ajaxHandlers":125,"restRoutes":126,"shortcodes":127,"cronEvents":128,"entryPointCount":27,"unprotectedCount":27},[119],{"type":120,"name":121,"callback":122,"file":123,"line":124},"action","widgets_init","anonymous","WP-TAF-METAR-Widget.php",202,[],[],[],[],{"dangerousFunctions":130,"sqlUsage":131,"outputEscaping":133,"fileOperations":167,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":168},[],{"prepared":27,"raw":27,"locations":132},[],{"escaped":27,"rawEcho":134,"locations":135},18,[136,139,141,143,144,145,147,148,150,152,153,155,157,159,160,161,163,165],{"file":123,"line":137,"context":138},58,"raw output",{"file":123,"line":140,"context":138},62,{"file":123,"line":142,"context":138},63,{"file":123,"line":142,"context":138},{"file":123,"line":142,"context":138},{"file":123,"line":146,"context":138},66,{"file":123,"line":146,"context":138},{"file":123,"line":149,"context":138},67,{"file":123,"line":151,"context":138},68,{"file":123,"line":151,"context":138},{"file":123,"line":154,"context":138},69,{"file":123,"line":156,"context":138},74,{"file":123,"line":158,"context":138},75,{"file":123,"line":158,"context":138},{"file":123,"line":158,"context":138},{"file":123,"line":162,"context":138},135,{"file":123,"line":164,"context":138},136,{"file":123,"line":166,"context":138},137,8,[],[],{"summary":171,"deductions":172},"The wp-taf-metar-widget plugin version 1.0.4 presents a concerning security posture despite a lack of recorded vulnerabilities. The static analysis reveals a complete absence of input validation and authorization checks across its identified entry points (AJAX handlers, REST API routes, shortcodes, cron events). This means any functionality, even if it appears to have no direct entry points, could potentially be exploited if there are indirect ways to trigger it or if new entry points are introduced in future versions without proper checks.\n\nA significant red flag is the 100% of outputs that are not properly escaped. This creates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data processed and displayed by the widget, if not properly sanitized, could be manipulated by an attacker to inject malicious scripts that could then be executed in a user's browser, potentially leading to session hijacking or further compromise.\n\nThe plugin's vulnerability history is clean, with no known CVEs. However, this should not be interpreted as a sign of inherent security. Given the significant code-level concerns, particularly the lack of escaping and the absence of capability checks, it is likely that vulnerabilities exist but have either gone unnoticed or are difficult to exploit due to the plugin's limited scope or specific usage patterns. The lack of any recorded vulnerabilities in the past could also simply mean it hasn't been a target or thoroughly audited.\n\nIn conclusion, while the plugin doesn't have a history of known vulnerabilities and avoids common pitfalls like raw SQL queries or dangerous functions, the severe lack of output escaping and the absence of authorization checks on all entry points represent critical security weaknesses. These issues create a substantial risk of XSS attacks and potential unauthorized actions. The plugin's security is therefore considered poor due to these fundamental flaws.",[173,175,178],{"reason":174,"points":167},"Output escaping is not properly implemented",{"reason":176,"points":177},"No capability checks on entry points",5,{"reason":179,"points":177},"No nonce checks on entry points","2026-03-16T22:47:49.534Z",{"wat":182,"direct":187},{"assetPaths":183,"generatorPatterns":184,"scriptPaths":185,"versionParams":186},[],[],[],[],{"cssClasses":188,"htmlComments":191,"htmlAttributes":209,"restEndpoints":211,"jsGlobals":212,"shortcodeOutput":213},[24,189,190],"widget-wrapper","widget-title",[192,193,194,195,196,197,198,199,200,201,202,203,198,198,198,204,205,206,207,208],"Fixs \u002F Updates :","Initial version","Added Metar & a cache system to prevent aviationweather.gov from being called to often.","Added Title option to be able to change the title of the widget, manually (so allows to show different TAF-METAR widgets)","added cache system compatible with multiple airports requests",":: Exit if accessed directly ::","::.....................................................................................................................................::","::.. first of all, try to see if there's a cached version ? ..::","::.. Get 3 hours METAR or actual TAF depending on the settings ..::","::.. remove all tags ..::","::.. Look for the real beginning of the information ..::","::.. Store it to the cache information ..::","::.. We will need a cache directory ..::","::.. Now look for the wanted information ..::","::.. If the file doesn't exists, return null ..::","::.. If the file is older than 30 minutes, return null ..::","::.. Okay, the file is recent, load it and return it ..::",[210],"widget_id",[],[],[]]