Does Weather Underground have any unpatched vulnerabilities?

No. All known vulnerabilities in Weather Underground have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Weather Underground compatible with WordPress 4.5.33?

According to WordPress.org data, Weather Underground 2.1.3 has been tested up to WordPress 4.5.33. Check the plugin's changelog for the latest compatibility information.

How often is Weather Underground updated?

Weather Underground was last updated on Nov 28, 2017. Frequent updates are generally a positive security signal.

What is Weather Underground's security score?

Weather Underground has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Weather Underground Security & Risk Analysis

wordpress.org/plugins/wunderground

Get accurate and beautiful weather forecasts powered by Wunderground.com

4K active installs v2.1.3 PHP + WP 3.6+ Updated Nov 28, 2017

weatherweather-undergroundweather-comweatherbugwunderground

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Weather Underground Safe to Use in 2026?

Generally Safe

Score 85/100

Weather Underground has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "wunderground" plugin version 2.1.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for all SQL queries and has no recorded vulnerability history, suggesting a generally secure development approach. The absence of dangerous functions, file operations, and critical/high taint flows further bolsters its security. However, several areas raise concern. The presence of two AJAX handlers without authentication checks creates a significant attack surface. Additionally, a low rate of output escaping (33%) suggests potential for Cross-Site Scripting (XSS) vulnerabilities. While taint analysis found no issues, the limited scope of analysis (0 flows) and the identified unprotected entry points warrant caution.

Key Concerns

Unprotected AJAX handlers
Low percentage of properly escaped output

Vulnerabilities

None known

Weather Underground Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Weather Underground Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

13 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared5 total queries

Output Escaping

33% escaped40 total outputs

Attack Surface

2 unprotected

Weather Underground Attack Surface

Entry Points6

Unprotected2

AJAX Handlers 4

authwp_ajax_wunderground_aqinc\class-ajax.php:6

noprivwp_ajax_wunderground_aqinc\class-ajax.php:7

authwp_ajax_wunderground_updateinc\class-ajax.php:9

noprivwp_ajax_wunderground_updateinc\class-ajax.php:10

Shortcodes 2

[wunderground] wunderground.php:96

[forecast] wunderground.php:102

WordPress Hooks 9

actionwp_enqueue_scriptsinc\class-display.php:7

actioncustomize_controls_enqueue_scriptsinc\class-display.php:8

actionwunderground_print_scriptsinc\class-display.php:9

actionwunderground_render_templateinc\class-template.php:21

actionwidgets_initinc\class-widget.php:357

actionplugins_loadedwunderground.php:56

actioninitwunderground.php:58

actionwunderground_log_debugwunderground.php:61

filterwidget_textwunderground.php:110

Maintenance & Trust

Weather Underground Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33

Last updatedNov 28, 2017

PHP min version

Downloads272K

Community Trust

Rating74/100

Number of ratings50

Active installs4K

Alternatives

Weather Underground Alternatives

Weather Widget

weather-widget

This widget displays the current condition, temperature, and the feels like temperature. It uses weather.com’s xoap api to retrieve the information.

90 No CVEs

Weather Spider

weather-spider-display-weather-forecast-on-your-blog

Place clean, nice-looking weather forecasts from weatherbug.com within your blog and sidebar.

10 No CVEs

WP Forecast Weather

wp-forecast-weather

Forecast Weather plugin for wordpress using Wunderground API.

10 No CVEs

WP Historical Weather

wp-historical-weather

Historical Weather plugin for wordpress using Wunderground API.

10 No CVEs

Location Weather – WordPress Weather Forecast, AQI, Temperature and Weather Widget

location-weather

100

Customizable WordPress Weather Forecast plugin to display Current Temperature, Hourly & Daily Forecasts, up to 16-Day, Air Quality, & Live Weather Map

10K 1 CVE

Developer Profile

Weather Underground Developer Profile

Zack Katz

23 plugins · 14K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Weather Underground

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wunderground/assets/css/wunderground.css/wp-content/plugins/wunderground/assets/css/admin.css/wp-content/plugins/wunderground/assets/js/widget.js/wp-content/plugins/wunderground/assets/js/widget.min.js

Script Paths

/wp-content/plugins/wunderground/assets/js/widget.js/wp-content/plugins/wunderground/assets/js/widget.min.js

Version Parameters

wunderground/style.css?ver=wunderground.css?ver=admin.css?ver=widget.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-wu-widget

JS Globals

WuWidget

Shortcode Output

[wunderground][forecast]

FAQ

Weather Underground Security & Risk Analysis

Is Weather Underground Safe to Use in 2026?

Generally Safe

Key Concerns

Weather Underground Security Vulnerabilities

Weather Underground Code Analysis

SQL Query Safety

Output Escaping

Weather Underground Attack Surface

AJAX Handlers 4

Shortcodes 2

Weather Underground Maintenance & Trust

Maintenance Signals

Community Trust

Weather Underground Alternatives

Weather Widget

Weather Spider

WP Forecast Weather

WP Historical Weather

Location Weather – WordPress Weather Forecast, AQI, Temperature and Weather Widget

Weather Underground Developer Profile

How We Detect Weather Underground

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Weather Underground