Sweet Energy Efficiency Security & Risk Analysis

wordpress.org/plugins/sweet-energy-efficiency

Graphically Visually present Energy Efficiency Class / Label / Rating / Scale with related consumption values

100 active installs · v1.0.9 · PHP + WP 5.2+ · Updated Jan 26, 2026
Tags: co2, energy, energy-efficiency, gas, real-estate
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 17, 2025
Safety Verdict

Is Sweet Energy Efficiency Safe to Use in 2026?

Generally Safe

Score 98/100

Sweet Energy Efficiency has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 17, 2025 · Updated 2mo ago
Risk Assessment

The 'sweet-energy-efficiency' plugin version 1.0.9 presents a mixed security posture. On the positive side, it demonstrates good practices in SQL query handling with 100% prepared statements and includes a reasonable number of nonce and capability checks. The absence of external HTTP requests and file operations is also favorable.

However, several significant concerns are evident. The presence of dangerous functions like 'unserialize' and 'create_function' without clear sanitization context is a major red flag, as these can be leveraged for remote code execution if improperly handled. Furthermore, the plugin has a notable attack surface with one unprotected AJAX handler, which is a direct entry point for potential exploits. The vulnerability history, with two previously discovered medium severity CVEs related to Missing Authorization and CSRF, indicates a pattern of weaknesses that attackers may seek to exploit, even if currently patched.

While the taint analysis shows no critical or high severity unsanitized flows, the static analysis signals, particularly the unprotected AJAX handler and the use of dangerous functions, combined with past vulnerabilities, suggest that the plugin requires careful monitoring and potentially further code review to ensure robust security.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous functions (unserialize, create_function)
  • 50% of outputs are unescaped
  • Bundled DataTables library
  • Previous medium CVEs (Missing Authorization, CSRF)
Vulnerabilities
2

Sweet Energy Efficiency Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-14618 · medium · 4.3 · Missing Authorization

Sweet Energy Efficiency <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Graph Deletion

Dec 17, 2025 Patched in 1.0.7 (1d)

CVE-2025-58262 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Sweet Energy Efficiency <= 1.0.8 - Cross-Site Request Forgery

Sep 22, 2025 Patched in 1.0.9 (128d)
Code Analysis
Analyzed Mar 16, 2026

Sweet Energy Efficiency Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 0 (2 prepared)
  • Unescaped Output: 77 (76 escaped)
  • Nonce Checks: 3
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · $request_data = unserialize($row['request_data']); · includes\helper-functions.php:478
  • unserialize · $other_data = unserialize($row['other_data']); · includes\helper-functions.php:506
  • create_function · add_action('widgets_init', create_function('', 'register_widget( "See_Graph_Widget" );')); · widgets\see_graph.php:134

Bundled Libraries

DataTables

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

50% escaped · 153 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<index> (application\views\see_add_graph\index.php:0)
Attack Surface
1 unprotected

Sweet Energy Efficiency Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers: 1

  • auth · wp_ajax_sweet-energy-efficiency_action · includes\class-sweet-energy-efficiency.php:182

Shortcodes 1

[see_graph] shortcodes\see_graph.php:3

WordPress Hooks: 14

  • action · wp_enqueue_scripts · elementor-elements\elementor-init.php:199
  • action · wp_enqueue_scripts · elementor-elements\elementor-init.php:200
  • action · elementor/elements/categories_registered · elementor-elements\elementor-init.php:202
  • action · elementor/widgets/register · elementor-elements\elementor-init.php:203
  • action · elementor/init · elementor-elements\elementor-init.php:213
  • action · plugins_loaded · includes\class-sweet-energy-efficiency.php:155
  • action · admin_enqueue_scripts · includes\class-sweet-energy-efficiency.php:170
  • action · admin_enqueue_scripts · includes\class-sweet-energy-efficiency.php:171
  • action · admin_menu · includes\class-sweet-energy-efficiency.php:176
  • action · wp_enqueue_scripts · includes\class-sweet-energy-efficiency.php:201
  • action · wp_enqueue_scripts · includes\class-sweet-energy-efficiency.php:202
  • action · plugins_loaded · includes\class-sweet-energy-efficiency.php:250
  • action · widgets_init · widgets\see_graph.php:134
  • action · widgets_init · widgets\see_graph.php:136
Maintenance & Trust

Sweet Energy Efficiency Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 26, 2026
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Sweet Energy Efficiency Developer Profile

WPDirectoryKit

6 plugins · 4K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 101 days
Detection Fingerprints

How We Detect Sweet Energy Efficiency

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/sweet-energy-efficiency/admin/css/sweet-energy-efficiency-admin.css
  • /wp-content/plugins/sweet-energy-efficiency/admin/css/basic.css
  • /wp-content/plugins/sweet-energy-efficiency/admin/css/select.dataTables.min.css
  • /wp-content/plugins/sweet-energy-efficiency/admin/css/font-awesome.min.css
  • /wp-content/plugins/sweet-energy-efficiency/admin/css/style.css
  • /wp-content/plugins/sweet-energy-efficiency/admin/css/style_rtl.css
  • /wp-content/plugins/sweet-energy-efficiency/admin/css/frontend-dashboard.css
  • /wp-content/plugins/sweet-energy-efficiency/admin/css/contact-admin.css
  • +4 more

Script Paths
  • admin/js/sweet-energy-efficiency-admin.js
  • admin/js/datatables.min.js
  • admin/js/dataTables.responsive.js
  • admin/js/dataTables.select.min.js

Version Parameters
  • sweet-energy-efficiency-admin.css?ver=
  • basic.css?ver=
  • font-awesome.min.css?ver=
  • style.css?ver=
  • style_rtl.css?ver=
  • frontend-dashboard.css?ver=
  • contact-admin.css?ver=
  • sweet-energy-efficiency-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • see_wrapper
  • see_content
  • see_rating_level
  • see_rating_value

Data Attributes
  • data-see-id
  • data-see-rating
  • data-see-color
  • data-see-show-value

JS Globals
sweet_energy_efficiency_params
Shortcode Output
[sweet_energy_efficiency]