Chameleoni Jobs Security & Risk Analysis

wordpress.org/plugins/chameleon-jobs

Chameleoni Jobs plugin integrates a job feed into your WordPress site, enabling vacancy postings, candidate registrations, and job applications.

10 active installs v2.5.6 PHP + WP 3.0.1+ Updated Apr 23, 2025
chameleoni, jobs, recruitment
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Nov 18, 2024
Safety Verdict

Is Chameleoni Jobs Safe to Use in 2026?

Generally Safe

Score 99/100

Chameleoni Jobs has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 18, 2024 · Updated 11mo ago
Risk Assessment

The "chameleon-jobs" plugin v2.5.6 exhibits a mixed security posture. On the positive side, it handles SQL queries well, with 100% using prepared statements, and has a high rate of output escaping (96%). It has no known critical or high severity vulnerabilities, and the single known medium severity vulnerability is patched.

However, there are several areas of concern. The plugin registers 8 shortcodes, each a potential entry point; static analysis flags none of them as unprotected, but they still warrant careful review. No nonce checks or capability checks were found anywhere in the code, which is a significant gap in security best practices and leaves room for CSRF and privilege escalation vulnerabilities if any entry point, particularly a shortcode, handles sensitive data or actions. In addition, 10 of the 14 flows found by taint analysis have unsanitized paths; although none is classified as critical or high, this suggests potential for XSS or other injection vulnerabilities if the input is not properly handled at runtime.

Key Concerns

  • No nonce checks found
  • No capability checks found
  • 10 unsanitized paths in taint analysis
  • 4 unsafely escaped outputs detected
Vulnerabilities
1

Chameleoni Jobs Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-52459 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Chameleoni Jobs <= 2.5.4 - Reflected Cross-Site Scripting

Nov 18, 2024 Patched in 2.5.5 (144d)
Code Analysis
Analyzed Mar 17, 2026

Chameleoni Jobs Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (61 prepared)
Unescaped Output: 17 (405 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 5
External Requests: 46
Bundled Libraries: 0

SQL Query Safety

100% prepared · 61 total queries

Output Escaping

96% escaped · 422 total outputs
Data Flows
10 unsanitized

Data Flow Analysis

14 flows · 10 with unsanitized paths
cjf_front_view_job_func (feed_setup.php:101)
Attack Surface

Chameleoni Jobs Attack Surface

Entry Points: 8
Unprotected: 0

Shortcodes 8

[Jobs_disp_search_widget] feed_setup.php:1326
[Jobs_disp_search_results] feed_setup.php:1327
[Jobs_disp_login_form_front] feed_setup.php:1333
[Jobs_disp_logout_front] feed_setup.php:1339
[Jobs_disp_forgetpass_form_front] feed_setup.php:1345
[Jobs_disp_profile_form_front] feed_setup.php:1351
[Jobs_disp_front] feed_setup.php:1362
[Jobs_disp_register_form_front] feed_setup.php:1379
WordPress Hooks 6
filter widget_text feed_setup.php:25
filter widget_text feed_setup.php:26
action wp_enqueue_scripts feed_setup.php:1358
action admin_menu feed_setup.php:1359
action wp_loaded joblogin.php:2
action wp_loaded jobregister.php:4
Maintenance & Trust

Chameleoni Jobs Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Apr 23, 2025
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Chameleoni Jobs Developer Profile

Chameleoni

1 plugin · 10 total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 144 days
Detection Fingerprints

How We Detect Chameleoni Jobs

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/chameleon-jobs/job_details.css
/wp-content/plugins/chameleon-jobs/job_listing.css
/wp-content/plugins/chameleon-jobs/job_listing.js
Script Paths
/wp-content/plugins/chameleon-jobs/job_listing.js
Version Parameters
chameleon-jobs/job_details.css?ver=
chameleon-jobs/job_listing.css?ver=
chameleon-jobs/job_listing.js?ver=

HTML / DOM Fingerprints

CSS Classes
chameleon-apply-button
chameleon-job-details
HTML Comments
<!-- Options Placeholder -->
Data Attributes
data-job-id
data-job-title
data-job-ref
JS Globals
chameleonJobs
Shortcode Output
[chameleon_jobs_listing]
[chameleon_jobs_detail]