Sucuri finds no problems on the site but it shows the following scripts are present on the site :
Those look like scripts associated with third-party advertising, and any external input to the web page won't be under Weatherbug's control. Sneaking malware in through this route is relatively easy and I heard about one such case only yesterday. It's difficult to pin it down because the poisoned input only appears at random intervals in order to make it harder to detect exactly where it's coming from. Selling and re-selling advertising space on webpages is a major industry behind the scenes. I looked into it briefly and I was amazed at the complexity of that industry.
One thing worth noting is that the IP Address on the screenshot is not the address for Weatherbug, which is 18.104.22.168; the other one is an Amazon cloud server, which tells us very little. It could be this is where the advertising is coming from but doesn't say who it is.
Edit - McAfee TrustedSource flags that Amazon server as Red (High Risk). There are many domains on that server and VirusTotal is reporting multiple problems with a number of those domains.
Thank you, Hayton. That helps me and I think it will help others. So at least McAfee is doing properly what it is supposed to do.