Medium severity4.3NVD Advisory· Published Dec 18, 2025· Updated Apr 15, 2026

CVE-2025-14618

Description

The Sweet Energy Efficiency plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on the 'sweet_energy_efficiency_action' AJAX handler in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with subscriber level access and above, to read, modify, and delete arbitrary graphs.

Affected products

WordPress/Sweet Energy Efficiencyllm-fuzzy
Range: <=1.0.6
Package: https://wordpress.org/plugins/sweet-energy-efficiency

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/3417589/sweet-energy-efficiencynvd
plugins.trac.wordpress.org/changeset/3420909/sweet-energy-efficiencynvd
www.wordfence.com/threat-intel/vulnerabilities/id/1ccc8b30-1bdf-4335-85a9-79c6f9a88afcnvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000