Solar Wizard Lite Security & Risk Analysis

wordpress.org/plugins/solar-wizard-lite

The first solar power calculator for WordPress websites. If you're tired of answering the question "how much does it cost to go solar?"

Active installs: 200
Version: v1.2.5
Requires PHP: 7.3+
Requires WordPress: 4.7+
Last updated: Dec 31, 2024
Tags: calculate-estimate, solar, solar-wizard
Security score: 91 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 6, 2025
Safety Verdict

Is Solar Wizard Lite Safe to Use in 2026?

Generally Safe

Score 91/100

Solar Wizard Lite has a short and clean vulnerability history: one medium-severity CVE, fixed in 1.2.5 one day after disclosure. That history and patch speed are what drive the 91/100 score. The static code analysis further down tells a different story (AJAX handlers registered with no nonce or capability checks), so weigh both before relying on the verdict for a production site.

1 known CVE · Last CVE: Jan 6, 2025 · Updated 1yr ago
Risk Assessment

The solar-wizard-lite plugin v1.2.5 has a large attack surface for its size: the static scan found 9 entry points, 8 of them unprotected. SQL handling is clean (no raw queries) and 75% of outputs are escaped, but the 8 unprotected AJAX registrations are the main weakness. They are four actions, each hooked to both wp_ajax_ and wp_ajax_nopriv_, so every one is reachable by logged-out visitors, and the scan found no nonce checks and no capability checks anywhere in the plugin. Public (nopriv) registration is expected for the calculator and quote-submission actions behind a front-end form; the nopriv registration of solwzd_export_quotes, a handler that lives in the admin settings code, is the one to verify first: with no capability check, whatever it returns is available to anyone who can reach admin-ajax.php. The taint analysis, limited in scope, found two flows with unsanitized paths (one in solwzd_section_callback, admin\admin_settings.php:209), neither rated critical or high. The vulnerability history shows one stored XSS (CVE-2024-11764, Contributor+), patched within a day, which points to active maintenance. In short: strong on SQL, mostly sound on output escaping, weak on endpoint authorization and, to a lesser degree, on path sanitization.

Key Concerns

  • 8 unprotected AJAX registrations (4 actions, each also hooked for logged-out users via wp_ajax_nopriv_)
  • 2 data flows with unsanitized paths
  • 1 known CVE in vulnerability history (stored XSS, patched in 1.2.5)
  • No nonce checks on AJAX handlers (no CSRF protection)
  • No capability checks on AJAX handlers (no authorization)
  • 25% of outputs (39 of 156) not properly escaped
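The following is an added illustration, not code from Solar Wizard Lite. It shows the pattern the scan is flagging (one callback hooked for both wp_ajax_ and wp_ajax_nopriv_ with no nonce and no capability check) next to a hardened registration. The action names come from the attack-surface listing on this page and the `quote` post type is inferred from the `manage_quote_posts_columns` hook; the handler bodies, the nonce action strings, the `monthly_kwh` parameter and the sizing rule are assumptions made for the example.

```php
<?php
// Added illustration, not the plugin's code. Action names are from this page's
// attack-surface listing; handler bodies, nonce names, request parameters and
// the sizing rule are assumptions for the example.

// --- Pattern the scan flags: same callback for wp_ajax_ and wp_ajax_nopriv_,
// --- no nonce, no capability check. Anyone who can reach admin-ajax.php can run it.
add_action( 'wp_ajax_solwzd_export_quotes',        'solwzd_export_quotes_unprotected' );
add_action( 'wp_ajax_nopriv_solwzd_export_quotes', 'solwzd_export_quotes_unprotected' );

function solwzd_export_quotes_unprotected() {
    $quotes = get_posts( array( 'post_type' => 'quote', 'numberposts' => -1 ) );
    wp_send_json_success( $quotes ); // every stored quote goes to an unauthenticated caller
}

// --- Hardened form.
// 1. Privileged actions are registered for logged-in users only (no nopriv hook).
// 2. The handler verifies a nonce (CSRF) and a capability (authorization).
// 3. Public calculator actions may stay nopriv, but still get a nonce and input validation.
add_action( 'wp_ajax_solwzd_export_quotes', 'solwzd_export_quotes_protected' );

function solwzd_export_quotes_protected() {
    // Nonce action string is an assumption; the front-end must send it in the 'nonce' field.
    check_ajax_referer( 'solwzd_export_quotes', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }
    $quotes = get_posts( array( 'post_type' => 'quote', 'numberposts' => -1 ) );
    wp_send_json_success( $quotes );
}

// A genuinely public calculator endpoint stays reachable by visitors, but with a
// nonce (nonces work for logged-out users too) and strict input validation.
add_action( 'wp_ajax_solwzd_calculate_panel',        'solwzd_calculate_panel_protected' );
add_action( 'wp_ajax_nopriv_solwzd_calculate_panel', 'solwzd_calculate_panel_protected' );

function solwzd_calculate_panel_protected() {
    check_ajax_referer( 'solwzd_public', 'nonce' );
    $monthly_kwh = isset( $_POST['monthly_kwh'] ) ? (float) wp_unslash( $_POST['monthly_kwh'] ) : 0.0;
    if ( $monthly_kwh <= 0 || $monthly_kwh > 100000 ) {
        wp_send_json_error( array( 'message' => 'Invalid usage value' ), 400 );
    }
    // Assumed sizing rule for illustration only: about 1 kW of panels per 120 kWh/month.
    $kw = round( $monthly_kwh / 120, 2 );
    wp_send_json_success( array( 'system_kw' => $kw ) );
}

// The public nonce has to reach the browser. wp_localize_script() is the usual way a
// plugin exposes a JS global such as the solwzd_ajax_object listed under fingerprints.
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'solar-wizard', plugins_url( 'js/solar-wizard.js', __FILE__ ), array( 'jquery' ), '1.2.5', true );
    wp_localize_script( 'solar-wizard', 'solwzd_ajax_object', array(
        'ajax_url' => admin_url( 'admin-ajax.php' ),
        'nonce'    => wp_create_nonce( 'solwzd_public' ),
    ) );
} );
```

The nonce alone is not authorization: a logged-in Subscriber holds a valid nonce for any action the page hands out, so the `current_user_can()` check is what keeps the export handler from being a data leak, and dropping the nopriv registration is what keeps it off the unauthenticated surface entirely.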
Vulnerabilities
1 published

Solar Wizard Lite Security Vulnerabilities

CVEs by Year

2025: 1 CVE (patched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2024-11764 · Medium (6.4) · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Solar Wizard Lite <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 6, 2025 · Patched in 1.2.5 (patch time: 1 day)
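The page does not say where CVE-2024-11764's input reaches the page, so the following added example illustrates the vulnerability class rather than the CVE's actual vector, and is not the plugin's code. A Contributor cannot post raw HTML, but can place a shortcode in a post; if a shortcode attribute or a stored quote field is written into HTML without escaping, the payload is stored and runs for every viewer, including administrators in the quote list. The attribute name, meta key and column name are assumptions.

```php
<?php
// Added illustration of Contributor+ stored XSS, not the plugin's code and not
// the CVE's actual vector. Attribute name, meta key and column name are assumptions.

// Vulnerable: [solar_wizard title="..."] saved by a Contributor is echoed unescaped.
// A title such as:  x" onmouseover="alert(document.cookie)
// breaks out of the data-title attribute and becomes a handler on the element.
function solwzd_shortcode_unescaped( $atts ) {
    $atts = shortcode_atts( array( 'title' => 'Solar calculator' ), $atts, 'solar_wizard' );
    return '<div class="solwzd-wizard" data-title="' . $atts['title'] . '">'
         . '<h2>' . $atts['title'] . '</h2></div>';
}

// Hardened: escape for the context the value lands in. esc_attr() inside an
// attribute, esc_html() in a text node. Escaping at output, not at save time,
// keeps the stored data usable and cannot be bypassed by a second write path.
function solwzd_shortcode_escaped( $atts ) {
    $atts = shortcode_atts( array( 'title' => 'Solar calculator' ), $atts, 'solar_wizard' );
    return '<div class="solwzd-wizard" data-title="' . esc_attr( $atts['title'] ) . '">'
         . '<h2>' . esc_html( $atts['title'] ) . '</h2></div>';
}

// The same rule applies to the admin list column hooked via
// manage_quote_posts_custom_column: meta written by a lower-privileged user or a
// site visitor is untrusted when an administrator views it.
function solwzd_quote_column_escaped( $column, $post_id ) {
    if ( 'customer_email' === $column ) {
        echo esc_html( get_post_meta( $post_id, '_solwzd_email', true ) );
    }
}

// Where limited rich text is genuinely needed, allow-list tags instead of echoing raw.
function solwzd_render_note( $html ) {
    $allowed = array(
        'b' => array(),
        'i' => array(),
        'a' => array( 'href' => array() ),
    );
    return wp_kses( $html, $allowed );
}
```

When auditing the 39 unescaped outputs the scan reports, the ones that matter most are those whose value originates from a lower-privileged role (Contributor shortcode attributes, quote-form submissions from visitors) and is rendered to a higher-privileged viewer.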
Version History

Solar Wizard Lite Release Timeline

  • v1.2.5 (current)
  • v1.2.4 · 1 CVE
  • v1.2.3 · 1 CVE
  • v1.2.2 · 1 CVE
  • v1.2.1 · 1 CVE
  • v1.2.0 · 1 CVE
  • v1.1.9 · 1 CVE
  • v1.1.8 · 1 CVE
  • v1.1.7 · 1 CVE
  • v1.1.6 · 1 CVE
  • v1.1.5 · 1 CVE
  • v1.1.4 · 1 CVE
  • v1.1.3 · 1 CVE
  • v1.1.2 · 1 CVE
  • v1.1.1 · 1 CVE
  • v1.1.0 · 1 CVE
  • v1.0.4 · 1 CVE
  • v1.0.3 · 1 CVE
  • v1.0.2 · 1 CVE
  • v1.0.1 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Solar Wizard Lite Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 39 (117 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

75% escaped (117 of 156 total outputs)
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
  • solwzd_section_callback (admin\admin_settings.php:209)
Attack Surface
8 unprotected

Solar Wizard Lite Attack Surface

Entry Points: 9
Unprotected: 8

AJAX Handlers: 8 registrations (4 actions, each hooked for logged-in users via wp_ajax_ and for logged-out users via wp_ajax_nopriv_)

  • solwzd_export_quotes            wp_ajax (auth)     admin\admin_settings.php:23
  • solwzd_export_quotes            wp_ajax_nopriv     admin\admin_settings.php:24
  • solwzd_submit_quote             wp_ajax (auth)     solar-wizard-lite.php:52
  • solwzd_submit_quote             wp_ajax_nopriv     solar-wizard-lite.php:53
  • solwzd_calculate_panel          wp_ajax (auth)     solar-wizard-lite.php:55
  • solwzd_calculate_panel          wp_ajax_nopriv     solar-wizard-lite.php:56
  • solwzd_count_incentive_with_cost wp_ajax (auth)    solar-wizard-lite.php:58
  • solwzd_count_incentive_with_cost wp_ajax_nopriv    solar-wizard-lite.php:59

Shortcodes 1

[solar_wizard] solar-wizard-lite.php:41
WordPress Hooks: 26

  • action  admin_menu                        admin\admin_settings.php:5
  • action  admin_init                        admin\admin_settings.php:7
  • action  admin_init                        admin\admin_settings.php:8
  • action  admin_init                        admin\admin_settings.php:9
  • action  admin_init                        admin\admin_settings.php:10
  • action  admin_init                        admin\admin_settings.php:11
  • action  admin_init                        admin\admin_settings.php:12
  • action  admin_init                        admin\admin_settings.php:13
  • action  admin_init                        admin\admin_settings.php:14
  • action  admin_init                        admin\admin_settings.php:15
  • action  admin_head                        admin\admin_settings.php:16
  • action  admin_init                        admin\admin_settings.php:17
  • action  admin_init                        admin\admin_settings.php:18
  • action  admin_init                        admin\admin_settings.php:19
  • action  admin_init                        admin\admin_settings.php:20
  • action  admin_init                        admin\admin_settings.php:21
  • action  wp_enqueue_scripts                includes.php:19
  • action  admin_enqueue_scripts             includes.php:49
  • action  plugins_loaded                    solar-wizard-lite.php:40
  • action  init                              solar-wizard-lite.php:43
  • filter  post_row_actions                  solar-wizard-lite.php:44
  • action  add_meta_boxes                    solar-wizard-lite.php:45
  • filter  manage_quote_posts_columns        solar-wizard-lite.php:47
  • action  manage_quote_posts_custom_column  solar-wizard-lite.php:48
  • action  admin_init                        solar-wizard-lite.php:60
  • action  admin_notices                     solar-wizard-lite.php:88
Maintenance & Trust

Solar Wizard Lite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 31, 2024
PHP min version: 7.3
Downloads: 7K

Community Trust

Rating: 94/100
Number of ratings: 14
Active installs: 200
Developer Profile

Solar Wizard Lite Developer Profile

covertcommunication

1 plugin · 200 total installs

Trust score: 94
Avg Security Score: 91/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Solar Wizard Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/solar-wizard-lite/css/solar-wizard-style.css
/wp-content/plugins/solar-wizard-lite/js/solar-wizard.js
Script Paths
/wp-content/plugins/solar-wizard-lite/js/solar-wizard.js
Version Parameters
solar-wizard-lite/css/solar-wizard-style.css?ver=
solar-wizard-lite/js/solar-wizard.js?ver=

HTML / DOM Fingerprints

CSS Classes
solwzd-review-btn
HTML Comments
Solar Calculator is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version. Solar Calculator is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with Solar Calculator. If not, see {URI to Plugin License}.
(The "Solar Calculator" name and the unreplaced "{URI to Plugin License}" placeholder are literal in the comment, which is what makes it a distinctive marker.)
Data Attributes
data-tab=
JS Globals
solwzd_ajax_object
REST Endpoints
/wp-json/solwzd/v1/submit
/wp-json/solwzd/v1/calculate
Shortcode Output
[solar_wizard]
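Turning the fingerprints above into a check, as an added example that is not this site's own detector: the function below matches the asset paths, JS global, CSS class, REST routes and license comment listed on this page against a fetched HTML document, extracts the `?ver=` value from either asset, and compares it with the patched version. The regexes, the confidence thresholds and the sample HTML fragment are constructed for the example.

```php
<?php
// Added example, not the site's own detector. The patterns are those listed on this
// page; the regexes, confidence rule and sample HTML below are constructed here.

function solwzd_fingerprint( string $html ): array {
    $signals = array(
        'stylesheet' => '#/wp-content/plugins/solar-wizard-lite/css/solar-wizard-style\.css#',
        'script'     => '#/wp-content/plugins/solar-wizard-lite/js/solar-wizard\.js#',
        'js_global'  => '/\bsolwzd_ajax_object\b/',
        'css_class'  => '/\bsolwzd-review-btn\b/',
        'rest_route' => '#/wp-json/solwzd/v1/(?:submit|calculate)#',
        'license'    => '/Solar Calculator is free software/',
    );

    $hits = array();
    foreach ( $signals as $name => $re ) {
        if ( preg_match( $re, $html ) ) {
            $hits[] = $name;
        }
    }

    // Version hint: the ?ver= query string on either asset. Treat it as a hint only:
    // a plugin that enqueues without a version argument gets the WordPress core
    // version here, and some themes or cache plugins strip the parameter entirely.
    $version = null;
    $ver_re  = '#solar-wizard-lite/(?:css/solar-wizard-style\.css|js/solar-wizard\.js)\?ver=([0-9][0-9A-Za-z.\-]*)#';
    if ( preg_match( $ver_re, $html, $m ) ) {
        $version = $m[1];
    }

    // Constructed rule: one signal is weak (a CSS class name can collide), two or more is firm.
    $n = count( $hits );
    return array(
        'detected'   => $n > 0,
        'confidence' => $n >= 2 ? 'high' : ( $n === 1 ? 'low' : 'none' ),
        'signals'    => $hits,
        'version'    => $version,
    );
}

// Constructed sample of what a page using the plugin might emit.
$sample = <<<HTML
<link rel="stylesheet" href="https://example.com/wp-content/plugins/solar-wizard-lite/css/solar-wizard-style.css?ver=1.2.4">
<script src="https://example.com/wp-content/plugins/solar-wizard-lite/js/solar-wizard.js?ver=1.2.4"></script>
<script>var solwzd_ajax_object = {"ajax_url":"https://example.com/wp-admin/admin-ajax.php"};</script>
HTML;

$result = solwzd_fingerprint( $sample );
print_r( $result );

if ( $result['detected'] && $result['version'] !== null
     && version_compare( $result['version'], '1.2.5', '<' ) ) {
    echo "Solar Wizard Lite {$result['version']} detected: in the range affected by CVE-2024-11764 (fixed in 1.2.5)\n";
}
```

The license comment only appears if the plugin's PHP emits its header into the page, and the REST routes are only visible when the page's JavaScript references them, so on most sites the two asset paths and the `solwzd_ajax_object` global will be the signals that fire.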
FAQ

Frequently Asked Questions about Solar Wizard Lite