Atelier Create CV Security & Risk Analysis

wordpress.org/plugins/atelier-create-cv

Atelier Cv is a simple plugin for creating your own presentation for an employer in the form of a CV, which can be downloaded in PDF format.

0 active installs · v1.1.5 · PHP 7.0+ · WP 5.9+ · Updated Jun 17, 2025
Tags: create-curriculum-vitae, curriculum-vitae, tworzenie-curriculum-vitae
Score 78 · B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Jun 5, 2025
Safety Verdict

Is Atelier Create CV Safe to Use in 2026?

Mostly Safe

Score 78/100

Atelier Create CV is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Jun 5, 2025 · Updated 9mo ago
Risk Assessment

The 'atelier-create-cv' plugin exhibits a concerning security posture due to a significant number of unprotected AJAX handlers. While the static analysis reveals good practices in SQL query preparation and output escaping, the complete absence of nonce and capability checks on all identified entry points creates a broad attack surface. This lack of authentication on 16 AJAX endpoints means any unauthenticated user could potentially interact with these functionalities, leading to unintended actions or information disclosure.

The vulnerability history indicates a past medium-severity Cross-Site Request Forgery (CSRF) vulnerability, which is currently unpatched. While no critical or high severity issues were flagged in the static analysis, the historical CSRF points to a recurring pattern of potential vulnerabilities that, if not addressed, could be exploited. The absence of taint analysis results is neutral, as it suggests no obvious exploitable flows were detected during that specific analysis, but it doesn't negate the risks posed by the unprotected entry points.

In conclusion, the plugin demonstrates strengths in data handling (SQL, output escaping) but suffers from critical weaknesses in access control for its AJAX endpoints. The unpatched CVE, even if medium severity, combined with the large number of unprotected entry points, presents a significant risk. Prioritizing the implementation of authentication and authorization for all AJAX handlers, and addressing the existing unpatched vulnerability, is crucial for improving the plugin's security.

Key Concerns

  • 16 unprotected AJAX handlers
  • 0 nonce checks on AJAX handlers
  • 1 unpatched medium severity CVE
Vulnerabilities
1

Atelier Create CV Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-49439 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Atelier Create CV <= 1.1.5 - Cross-Site Request Forgery to Settings Update

Jun 5, 2025 · Unpatched
Code Analysis
Analyzed Mar 17, 2026

Atelier Create CV Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (48 prepared)
Unescaped Output: 0 (660 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 48 total queries

Output Escaping

100% escaped · 660 total outputs
Attack Surface
16 unprotected

Atelier Create CV Attack Surface

Entry Points: 16
Unprotected: 16

AJAX Handlers 16

auth · wp_ajax_my_action · 1.0.0\ateliercv.php:122
auth · wp_ajax_my_edu_action · 1.0.0\ateliercv.php:135
auth · wp_ajax_my_lang_action · 1.0.0\ateliercv.php:148
auth · wp_ajax_my_curse_action · 1.0.0\ateliercv.php:161
auth · wp_ajax_my_action · 1.1.3\ateliercv.php:122
auth · wp_ajax_my_edu_action · 1.1.3\ateliercv.php:135
auth · wp_ajax_my_lang_action · 1.1.3\ateliercv.php:148
auth · wp_ajax_my_curse_action · 1.1.3\ateliercv.php:161
auth · wp_ajax_my_action · 1.1.4\ateliercv.php:122
auth · wp_ajax_my_edu_action · 1.1.4\ateliercv.php:135
auth · wp_ajax_my_lang_action · 1.1.4\ateliercv.php:148
auth · wp_ajax_my_curse_action · 1.1.4\ateliercv.php:161
auth · wp_ajax_my_action · ateliercv.php:122
auth · wp_ajax_my_edu_action · ateliercv.php:135
auth · wp_ajax_my_lang_action · ateliercv.php:148
auth · wp_ajax_my_curse_action · ateliercv.php:161
WordPress Hooks 28
action · init · 1.0.0\ateliercv.php:104
action · plugins_loaded · 1.0.0\inc\AtelierCv.php:12
action · admin_menu · 1.0.0\inc\AtelierCv.php:15
action · admin_init · 1.0.0\inc\AtelierCv.php:18
action · admin_enqueue_scripts · 1.0.0\inc\AtelierCv.php:21
action · wp_enqueue_scripts · 1.0.0\inc\AtelierCv.php:22
action · admin_head · 1.0.0\inc\StyleCssApi.php:12
action · init · 1.1.3\ateliercv.php:104
action · plugins_loaded · 1.1.3\inc\AtelierCv.php:12
action · admin_menu · 1.1.3\inc\AtelierCv.php:15
action · admin_init · 1.1.3\inc\AtelierCv.php:18
action · admin_enqueue_scripts · 1.1.3\inc\AtelierCv.php:21
action · wp_enqueue_scripts · 1.1.3\inc\AtelierCv.php:22
action · admin_head · 1.1.3\inc\StyleCssApi.php:12
action · init · 1.1.4\ateliercv.php:104
action · plugins_loaded · 1.1.4\inc\AtelierCv.php:12
action · admin_menu · 1.1.4\inc\AtelierCv.php:15
action · admin_init · 1.1.4\inc\AtelierCv.php:18
action · admin_enqueue_scripts · 1.1.4\inc\AtelierCv.php:21
action · wp_enqueue_scripts · 1.1.4\inc\AtelierCv.php:22
action · admin_head · 1.1.4\inc\StyleCssApi.php:12
action · init · ateliercv.php:104
action · plugins_loaded · inc\AtelierCv.php:12
action · admin_menu · inc\AtelierCv.php:15
action · admin_init · inc\AtelierCv.php:18
action · admin_enqueue_scripts · inc\AtelierCv.php:21
action · wp_enqueue_scripts · inc\AtelierCv.php:22
action · admin_head · inc\StyleCssApi.php:12
Maintenance & Trust

Atelier Create CV Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 17, 2025
PHP min version: 7.0
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Atelier Create CV Developer Profile

mariusz88atelierweb

3 plugins · 30 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Atelier Create CV

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/atelier-create-cv/admin/css/styles.css
/wp-content/plugins/atelier-create-cv/admin/js/script.js
/wp-content/plugins/atelier-create-cv/assets/css/custom.css
/wp-content/plugins/atelier-create-cv/assets/css/style.css
/wp-content/plugins/atelier-create-cv/assets/js/cv.js
/wp-content/plugins/atelier-create-cv/assets/js/main.js
/wp-content/plugins/atelier-create-cv/assets/js/script.js
Script Paths
/wp-content/plugins/atelier-create-cv/admin/js/script.js
/wp-content/plugins/atelier-create-cv/assets/js/cv.js
/wp-content/plugins/atelier-create-cv/assets/js/main.js
/wp-content/plugins/atelier-create-cv/assets/js/script.js
Version Parameters
atelier-create-cv/admin/css/styles.css?ver=
atelier-create-cv/admin/js/script.js?ver=
atelier-create-cv/assets/css/custom.css?ver=
atelier-create-cv/assets/css/style.css?ver=
atelier-create-cv/assets/js/cv.js?ver=
atelier-create-cv/assets/js/main.js?ver=
atelier-create-cv/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
atelier-cv-block, atelier-cv-block__input, atelier-cv-block__input-checkbox, atelier-cv-block__input-file, atelier-cv-block__input-hidden, atelier-cv-block__input-number, atelier-cv-block__input-radio, atelier-cv-block__input-range, +13 more
Data Attributes
atl_cv_add_cv, atl_cv_add_languages, atl_cv_add_school, atl_cv_add_skill, atl_cv_add_work_experience, atl_cv_add_work_experience_block, +181 more
FAQ

Frequently Asked Questions about Atelier Create CV