Vulnerabilities and security researches forsweet-energy-efficiency sweet-energy-efficiency

Oct 11, 2025

CVE, Research URL: CVE-2025-58262
Home page URL: Security reports for Sweet Energy Efficiency
Application: Sweet Energy Efficiency
Date: Sep 23, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in wpdirectorykit Sweet Energy Efficiency allows Stored XSS. This issue affects Sweet Energy Efficiency: from n/a through 1.0.6.
Affected versions: max 1.0.6.
Status: vulnerable

Jan 10, 2026

CVE, Research URL: CVE-2025-14618
Home page URL: Security reports for Sweet Energy Efficiency
Application: Sweet Energy Efficiency
Date: Dec 18, 2025
Research Description: The Sweet Energy Efficiency plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on the 'sweet_energy_efficiency_action' AJAX handler in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with subscriber level access and above, to read, modify, and delete arbitrary graphs.
Affected versions: max 1.0.7.
Status: vulnerable