Grand Job Security & Risk Analysis

wordpress.org/plugins/grand-job

This plugin is used to create a job board site with lots of powerful functions.

10 active installs · v1.2.1 · PHP 5.6+ · WP 5.6+ · Updated Jul 7, 2022
Tags: job-board, job-listing, job-lists, job-management, job-manager

Security score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Is Grand Job Safe to Use in 2026?

Verdict: Generally Safe (score 85/100)

Grand Job has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The "grand-job" v1.2.1 plugin presents a mixed security posture. On the positive side, its vulnerability history is clean, with no recorded CVEs, which suggests either a generally well-maintained codebase or limited historical exposure. Most SQL queries use prepared statements, and a large share of output is properly escaped, indicating some adherence to the standard defenses against SQL injection and XSS. However, the plugin exposes a substantial attack surface: 43 AJAX handlers, 41 of which lack authentication checks. This is a significant concern, as it potentially exposes sensitive functionality to unauthenticated users. Note that only the wp_ajax_nopriv_ registrations are reachable without a login; the wp_ajax_ registrations require a logged-in account of any role, so the check missing there is the capability and nonce verification inside the handler.

The taint analysis reveals 7 high-severity flows with unsanitized paths which, although not classified as critical, represent potential vulnerabilities if those paths are reached with malicious input. The presence of `unserialize`, even if used sparingly, is also a notable risk factor: unserializing untrusted data enables PHP object injection, which can lead to remote code execution. Although the plugin contains a good number of capability checks, the high number of unprotected AJAX endpoints overshadows this strength, creating a considerable risk of unauthorized actions or information disclosure.

In conclusion, the absence of documented vulnerabilities and the use of prepared statements are strengths. The critical deficiency lies in the extensive unprotected AJAX endpoints and the high-severity taint flows. These factors significantly elevate the plugin's risk profile, making it a target for attackers seeking unauthenticated entry points or unsanitized data paths.

Key Concerns

  • High number of AJAX handlers without auth checks
  • High severity unsanitized taint flows
  • Use of unserialize function
  • Bundled libraries (Select2)

Grand Job Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Grand Job Code Analysis (analyzed Mar 17, 2026)

Dangerous Functions: 2
Raw SQL Queries: 23 (128 prepared)
Unescaped Output: 708 (1686 escaped)
Nonce Checks: 7
Capability Checks: 75
File Operations: 27
External Requests: 1
Bundled Libraries: 1

Dangerous Functions Found

  • unserialize at includes\class\controller.class.php:907: update_post_meta($post_data['ID'], $key_extra, @unserialize($extra_field));
  • unserialize at includes\tools.php:512: return @unserialize( $str );

Bundled Libraries

Select2

SQL Query Safety

85% prepared (151 total queries)

Output Escaping

70% escaped (2394 total outputs)
Data Flow Analysis

25 flows, 19 with unsanitized paths

  • management_page (includes\admin\email-queue.class.php:46)

(Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized)
Grand Job Attack Surface

Entry Points: 56
Unprotected: 41

AJAX Handlers 43 (auth = wp_ajax_ registration, fires for any logged-in user; nopriv = wp_ajax_nopriv_ registration, fires for unauthenticated visitors)

auth wp_ajax_gj_send_queue_email includes\ajax.php:7
nopriv wp_ajax_gj_send_queue_email includes\ajax.php:8
auth wp_ajax_gj_send_all_email includes\ajax.php:22
nopriv wp_ajax_gj_send_all_email includes\ajax.php:23
auth wp_ajax_gj_membership_expiry_notice includes\ajax.php:81
auth wp_ajax_gj_membership_expired includes\ajax.php:82
auth wp_ajax_gj_addfield includes\ajax.php:84
auth wp_ajax_gj_duplicatefield includes\ajax.php:121
auth wp_ajax_gj_updatefield includes\ajax.php:164
auth wp_ajax_gj_deletefield includes\ajax.php:191
auth wp_ajax_gj_reorderfield includes\ajax.php:217
auth wp_ajax_gj_changegroupfield includes\ajax.php:254
auth wp_ajax_gj_addgroup includes\ajax.php:290
auth wp_ajax_gj_updategroup includes\ajax.php:321
auth wp_ajax_gj_renamegroup includes\ajax.php:343
auth wp_ajax_gj_deletegroup includes\ajax.php:364
auth wp_ajax_gj_reordergroup includes\ajax.php:407
auth wp_ajax_gj_field_ajax includes\ajax.php:446
auth wp_ajax_gj_save_post includes\ajax.php:464
auth wp_ajax_gj_save_settings includes\ajax.php:468
auth wp_ajax_gj_reset_settings includes\ajax.php:469
auth wp_ajax_gj_add_order_note includes\ajax.php:471
auth wp_ajax_gj_delete_order_note includes\ajax.php:472
auth wp_ajax_gj_jobs_export includes\ajax.php:474
auth wp_ajax_gj_upload_csv_actions includes\ajax.php:475
auth wp_ajax_gj_set_post_types includes\ajax.php:476
auth wp_ajax_gj_parse_data_to_import includes\ajax.php:477
auth wp_ajax_gj_jobs_expiry_notice includes\ajax.php:479
nopriv wp_ajax_gj_jobs_expiry_notice includes\ajax.php:480
auth wp_ajax_gj_job_expired includes\ajax.php:482
nopriv wp_ajax_gj_job_expired includes\ajax.php:483
auth wp_ajax_gj_membership_expiry_notice includes\ajax.php:485
nopriv wp_ajax_gj_membership_expiry_notice includes\ajax.php:486
auth wp_ajax_gj_membership_expired includes\ajax.php:488
nopriv wp_ajax_gj_membership_expired includes\ajax.php:489
auth wp_ajax_gj_create_default_pages includes\ajax.php:491
auth wp_ajax_gj_reorder_all_fields includes\ajax.php:493
auth wp_ajax_gj_export_fields includes\ajax.php:495
auth wp_ajax_gj_export_options includes\ajax.php:496
auth wp_ajax_gj_submit_application includes\class\applies\form.php:8
nopriv wp_ajax_gj_submit_application includes\class\applies\form.php:9
auth wp_ajax_gj_delete_draft_job includes\front.class.php:87
auth wp_ajax_gj_delete_pending_order includes\front.class.php:90

Shortcodes 13

[gj_dashboard] includes\class\shortcodes.class.php:12
[gj_login] includes\class\shortcodes.class.php:13
[gj_register] includes\class\shortcodes.class.php:14
[gj_lostpassword] includes\class\shortcodes.class.php:15
[gj_jobs] includes\class\shortcodes.class.php:16
[gj_job_form_search] includes\class\shortcodes.class.php:17
[gj_candidate_form_search] includes\class\shortcodes.class.php:18
[gj_employer_form_search] includes\class\shortcodes.class.php:19
[gj_candidates] includes\class\shortcodes.class.php:20
[gj_employers] includes\class\shortcodes.class.php:21
[gj_verify_account] includes\class\shortcodes.class.php:22
[gj_pricing_tables] includes\class\shortcodes.class.php:23
[gj_plan_pricing_tables] includes\class\shortcodes.class.php:24

WordPress Hooks 169

action plugins_loaded gjob.php:124
action plugins_loaded gjob.php:125
action wpmu_new_blog gjob.php:127
action delete_blog gjob.php:128
action after_setup_theme gjob.php:130
action init gjob.php:131
action widgets_init gjob.php:133
action wp_logout gjob.php:135
action wp_login gjob.php:136
action rest_api_init gjob.php:138
action wp_loaded gjob.php:140
filter rewrite_rules_array gjob.php:141
filter query_vars gjob.php:142
action activated_plugin gjob.php:144
filter manage_posts_columns includes\admin\application.class.php:5
filter manage_posts_custom_column includes\admin\application.class.php:6
action pre_get_posts includes\admin\application.class.php:8
action admin_enqueue_scripts includes\admin\application.class.php:10
action gj_before_schema includes\admin\application.class.php:18
filter gj_models includes\admin\application.class.php:55
action gj_before_save_post includes\admin\application.class.php:65
action admin_menu includes\admin\candidate.class.php:7
action save_post includes\admin\candidate.class.php:9
action pre_get_posts includes\admin\candidate.class.php:10
filter manage_posts_columns includes\admin\candidate.class.php:12
filter manage_posts_custom_column includes\admin\candidate.class.php:13
filter post_row_actions includes\admin\candidate.class.php:15
filter page_row_actions includes\admin\candidate.class.php:16
action admin_footer-post.php includes\admin\candidate.class.php:18
action gj_before_schema includes\admin\candidate.class.php:20
filter gj_models includes\admin\candidate.class.php:46
action gj_before_save_post includes\admin\candidate.class.php:55
action init includes\admin\candidate.class.php:218
filter manage_edit-gj_cat_columns includes\admin\cat.class.php:6
action gj_cat_add_form_fields includes\admin\cat.class.php:7
action gj_cat_edit_form_fields includes\admin\cat.class.php:8
action edited_gj_cat includes\admin\cat.class.php:9
action create_gj_cat includes\admin\cat.class.php:10
action gj_city_add_form_fields includes\admin\city.class.php:5
action gj_city_edit_form_fields includes\admin\city.class.php:6
action edited_gj_city includes\admin\city.class.php:7
action create_gj_city includes\admin\city.class.php:8
action admin_print_footer_scripts includes\admin\city.class.php:9
action admin_menu includes\admin\employer.class.php:7
action save_post includes\admin\employer.class.php:9
action pre_get_posts includes\admin\employer.class.php:10
filter manage_posts_columns includes\admin\employer.class.php:11
filter manage_posts_custom_column includes\admin\employer.class.php:12
filter post_row_actions includes\admin\employer.class.php:14
filter page_row_actions includes\admin\employer.class.php:15
action gj_before_schema includes\admin\employer.class.php:17
filter gj_models includes\admin\employer.class.php:43
action gj_before_save_post includes\admin\employer.class.php:52
action admin_footer-post.php includes\admin\employer.class.php:61
action init includes\admin\employer.class.php:213
action pre_get_posts includes\admin\job.class.php:9
action admin_menu includes\admin\job.class.php:10
action save_post includes\admin\job.class.php:11
filter manage_gj_job_posts_columns includes\admin\job.class.php:12
filter manage_gj_job_posts_custom_column includes\admin\job.class.php:13
filter post_row_actions includes\admin\job.class.php:15
filter page_row_actions includes\admin\job.class.php:16
action admin_footer-post.php includes\admin\job.class.php:18
action gj_before_schema includes\admin\job.class.php:20
filter gj_models includes\admin\job.class.php:80
action gj_before_save_post includes\admin\job.class.php:106
action init includes\admin\job.class.php:308
filter manage_edit-gj_level_columns includes\admin\level.class.php:5
action admin_menu includes\admin\order.class.php:7
action save_post includes\admin\order.class.php:9
action pre_get_posts includes\admin\order.class.php:10
filter manage_posts_columns includes\admin\order.class.php:11
filter manage_posts_custom_column includes\admin\order.class.php:12
action restrict_manage_posts includes\admin\order.class.php:13
filter post_row_actions includes\admin\order.class.php:15
filter page_row_actions includes\admin\order.class.php:16
action gj_state_add_form_fields includes\admin\state.class.php:5
action gj_state_edit_form_fields includes\admin\state.class.php:6
action edited_gj_state includes\admin\state.class.php:7
action create_gj_state includes\admin\state.class.php:8
action admin_print_footer_scripts includes\admin\state.class.php:9
filter manage_edit-gj_type_columns includes\admin\type.class.php:7
action gj_type_add_form_fields includes\admin\type.class.php:8
action gj_type_edit_form_fields includes\admin\type.class.php:9
action edited_gj_type includes\admin\type.class.php:10
action create_gj_type includes\admin\type.class.php:11
filter manage_users_columns includes\admin\user.class.php:6
filter manage_users_custom_column includes\admin\user.class.php:7
filter user_row_actions includes\admin\user.class.php:8
filter wp_loaded includes\admin\user.class.php:9
action admin_menu includes\admin.class.php:26
action admin_enqueue_scripts includes\admin.class.php:27
action admin_print_footer_scripts includes\admin.class.php:29
action admin_print_footer_scripts includes\admin.class.php:30
action add_meta_boxes includes\admin.class.php:31
filter gj_logged_in includes\ajax.php:498
action wp_loaded includes\class\applies.php:135
action wp includes\class\controller.class.php:11
action wp includes\class\controller.class.php:12
action wp_loaded includes\class\controller.class.php:13
action wp_loaded includes\class\controller.class.php:14
action wp_loaded includes\class\controller.class.php:15
action wp_loaded includes\class\controller.class.php:16
action wp_loaded includes\class\controller.class.php:18
action wp_loaded includes\class\controller.class.php:19
action wp_footer includes\class\controller.class.php:20
action wp_footer includes\class\controller.class.php:21
action wp_footer includes\class\controller.class.php:22
filter posts_where includes\class\listing.class.php:281
action wp_loaded includes\class\payment-gateways.php:135
action init includes\class\post-types.class.php:11
action init includes\class\post-types.class.php:12
filter posts_join includes\class\query.class.php:20
filter posts_where includes\class\query.class.php:21
filter comments_open includes\class\query.class.php:40
filter pings_open includes\class\query.class.php:41
action wp_loaded includes\class\social-logins.php:137
filter template_include includes\class\template-loader.class.php:18
action delete_user includes\class\user.class.php:14
filter pre_get_avatar includes\class\user.class.php:15
filter get_avatar_url includes\class\user.class.php:16
action wp_enqueue_scripts includes\class\user.class.php:18
action wp_print_footer_scripts includes\class\user.class.php:19
filter ajax_query_attachments_args includes\front.class.php:75
action wp_enqueue_scripts includes\front.class.php:76
filter document_title_parts includes\front.class.php:77
filter body_class includes\front.class.php:78
action wp_footer includes\front.class.php:80
filter cron_schedules includes\front.class.php:82
action gj_job_expired includes\front.class.php:84
action gj_delete_draft_job includes\front.class.php:86
action gj_delete_pending_order includes\front.class.php:89
action init includes\front.class.php:93
filter comments_clauses includes\front.class.php:96
action comment_feed_join includes\front.class.php:97
action comment_feed_where includes\front.class.php:98
action before_delete_post includes\front.class.php:100
action before_delete_post includes\front.class.php:101
action before_delete_post includes\front.class.php:102
action init includes\front.class.php:104
filter show_admin_bar includes\front.class.php:105
action wp_print_footer_scripts includes\front.class.php:110
action wp_print_footer_scripts includes\front.class.php:111
action wp_print_footer_scripts includes\front.class.php:112
filter upload_dir includes\helper.function.php:1788
filter twentynineteen_can_show_post_thumbnail includes\hook.php:10
filter has_post_thumbnail includes\hook.php:17
action gj_after_dashboard_title includes\hook.php:47
action admin_enqueue_scripts includes\tools.php:16
action gj_jobs_tools_tab includes\tools.php:17
action gj_jobs_tools_content includes\tools.php:18
action widgets_init includes\widgets\candidate-filter.php:43
action widgets_init includes\widgets\candidates.php:127
action widgets_init includes\widgets\candidate_contact_form.php:50
action widgets_init includes\widgets\candidate_infomation.php:50
action widgets_init includes\widgets\employer-filter.php:43
action widgets_init includes\widgets\employers.php:129
action widgets_init includes\widgets\employer_contact_form.php:50
action widgets_init includes\widgets\employer_infomation.php:51
action widgets_init includes\widgets\employer_map.php:50
action widgets_init includes\widgets\job-apply.php:49
action widgets_init includes\widgets\job-filter.php:46
action widgets_init includes\widgets\jobs-by-author.php:77
action widgets_init includes\widgets\jobs.php:110
action widgets_init includes\widgets\job_contact_form.php:50
action widgets_init includes\widgets\job_infomation.php:50
action widgets_init includes\widgets\job_select_category.php:218
action widgets_init includes\widgets\overall-statistics.php:109
action widgets_init includes\widgets\social-share.php:60

Scheduled Events 5

gj_delete_draft_job
gj_delete_pending_order
gj_job_expired
gj_delete_draft_job
gj_delete_pending_order

Grand Job Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Jul 7, 2022
PHP min version: 5.6
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10

Grand Job Developer Profile

SFThemes

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days


How We Detect Grand Job

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  /wp-content/plugins/grand-job/assets/css/style.css
  /wp-content/plugins/grand-job/assets/js/main.js
Script Paths
  /wp-content/plugins/grand-job/assets/js/main.js
Version Parameters
  grand-job/assets/css/style.css?ver=
  grand-job/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
  gj-listing-candidate, gj-listing-job, gj-listing-employer, job-filter-widget, candidate-filter-widget, employer-filter-widget
Data Attributes
  data-gj-id
JS Globals
  GJ_AJAX_URL
REST Endpoints
  /wp-json/gj/v1/jobs
  /wp-json/gj/v1/candidates
  /wp-json/gj/v1/employers
Shortcode Output
  [gj_job_listing
  [gj_candidate_listing
  [gj_employer_listing


Frequently Asked Questions about Grand Job