Employee, Leave and Recruitment Management System – Crew HRM Security & Risk Analysis

wordpress.org/plugins/hr-management

Create career pages for job listings, hiring or recruiting great talent with Crew HRM. It helps manage employee info, leave requests, onboarding

200 active installs · v1.2.2 · PHP 7.4+ · WP 6.3+ · Updated Jul 29, 2025
Tags: employee, hiring, job-listing, recruitment
Score: 98 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Aug 12, 2024
Safety Verdict

Is Employee, Leave and Recruitment Management System – Crew HRM Safe to Use in 2026?

Generally Safe

Score 98/100

Employee, Leave and Recruitment Management System – Crew HRM has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 12, 2024 · Updated 8mo ago
Risk Assessment

The "hr-management" plugin v1.2.2 has a generally positive security posture and a low attack surface, primarily because it uses prepared statements for SQL queries and follows good output escaping practices. The absence of AJAX handlers and REST API routes that lack proper checks is also a strength. However, the presence of the `unserialize` function is a significant concern, as it can lead to Remote Code Execution if used with untrusted input. The one call the scan found passes `['allowed_classes' => false]`, so PHP turns any serialized object into an inert `__PHP_Incomplete_Class` rather than instantiating the named class. While taint analysis shows no unsanitized flows in this specific scan, this function's inherent risk cannot be ignored.

The plugin's vulnerability history includes a past high-severity vulnerability, classified as Deserialization of Untrusted Data. Although this vulnerability is reported as patched, the pattern indicates that this class of vulnerability is a recurring concern for this plugin. A high-severity vulnerability in the plugin's history, even one that is now patched, suggests a need for continuous vigilance and thorough code review, particularly around data handling that involves deserialization.

In conclusion, while the plugin demonstrates good security practices in many areas, the use of `unserialize` combined with its past deserialization vulnerability history presents a notable risk that warrants attention. The plugin's strengths lie in its limited attack surface and diligent use of prepared statements and output escaping. Its weaknesses center on the potential for deserialization vulnerabilities.

Key Concerns

  • Use of unserialize function
  • Past high severity CVE (Deserialization)
Vulnerabilities: 1

Employee, Leave and Recruitment Management System – Crew HRM Security Vulnerabilities

CVEs by Year: 1 CVE in 2024

Severity Breakdown: High 1 (1 total CVE)

CVE-2024-43252 · high · 8.1 · Deserialization of Untrusted Data

Crew HRM <= 1.1.1 - Unauthenticated PHP Object Injection

Aug 12, 2024 · Patched in 1.1.2 (11d)
Code Analysis
Analyzed Mar 16, 2026

Employee, Leave and Recruitment Management System – Crew HRM Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 22 (109 prepared)
  • Unescaped Output: 11 (44 escaped)
  • Nonce Checks: 2
  • Capability Checks: 2
  • File Operations: 5
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

`unserialize` · classes\Helpers\_String.php:206
`$unserialized_data = @unserialize( $data, ['allowed_classes' => false] );`

SQL Query Safety

83% prepared · 131 total queries

Output Escaping

80% escaped · 55 total outputs
Attack Surface

Employee, Leave and Recruitment Management System – Crew HRM Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[crewhrm_careers] classes\Setup\Shortcode.php:23
WordPress Hooks 41

action · plugins_loaded · addons\Recaptcha\classes\Main.php:42
filter · crewhrm_controllers · addons\Recaptcha\classes\Setup\Dispatcher.php:23
action · wp_enqueue_scripts · addons\Recaptcha\classes\Setup\Scripts.php:25
action · admin_enqueue_scripts · addons\Recaptcha\classes\Setup\Scripts.php:26
action · crewhrm_submit_application_before · addons\Recaptcha\classes\Setup\Verify.php:22
action · crewhrm_pro_loaded · classes\Main.php:89
filter · upload_dir · classes\Models\FileManager.php:110
filter · wp_mail_from · classes\Models\Mailer.php:104
filter · wp_mail_from_name · classes\Models\Mailer.php:105
filter · wp_mail_content_type · classes\Models\Mailer.php:106
action · admin_menu · classes\Setup\Addon.php:39
action · admin_menu · classes\Setup\Admin.php:34
action · admin_menu · classes\Setup\Admin.php:35
action · admin_notices · classes\Setup\Admin.php:37
action · admin_head · classes\Setup\Admin.php:80
action · init · classes\Setup\Blocks.php:21
filter · query_vars · classes\Setup\Careers.php:32
action · generate_rewrite_rules · classes\Setup\Careers.php:33
filter · the_content · classes\Setup\Careers.php:34
filter · crewhrm_save_settings · classes\Setup\Careers.php:35
action · crewhrm_clear_incomplete_applications · classes\Setup\Careers.php:38
action · init · classes\Setup\Careers.php:39
action · crewhrm_activated · classes\Setup\Careers.php:42
action · crewhrm_activated · classes\Setup\Database.php:28
action · admin_init · classes\Setup\Database.php:29
action · plugins_loaded · classes\Setup\Dispatcher.php:53
action · init · classes\Setup\Employee.php:28
filter · get_avatar_url · classes\Setup\Employee.php:29
action · init · classes\Setup\Employee.php:30
action · crewhrm_job_application_created · classes\Setup\Mails.php:23
filter · crewhrm_frontend_data · classes\Setup\Mails.php:26
action · pre_get_posts · classes\Setup\Media.php:24
action · admin_enqueue_scripts · classes\Setup\Scripts.php:28
action · wp_enqueue_scripts · classes\Setup\Scripts.php:29
action · admin_enqueue_scripts · classes\Setup\Scripts.php:32
action · wp_enqueue_scripts · classes\Setup\Scripts.php:33
action · wp_head · classes\Setup\Scripts.php:36
action · admin_head · classes\Setup\Scripts.php:37
action · init · classes\Setup\Scripts.php:40
action · activated_plugin · classes\Setup\Welcome.php:31
action · init · classes\Setup\Welcome.php:32

Scheduled Events 1

crewhrm_clear_incomplete_applications
Maintenance & Trust

Employee, Leave and Recruitment Management System – Crew HRM Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 29, 2025
PHP min version: 7.4
Downloads: 8K

Community Trust

Rating: 100/100
Number of ratings: 9
Active installs: 200
Developer Profile

Employee, Leave and Recruitment Management System – Crew HRM Developer Profile

Crew HRM

1 plugin · 200 total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 11 days
Detection Fingerprints

How We Detect Employee, Leave and Recruitment Management System – Crew HRM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/hr-management/dist/hrm.js
  • /wp-content/plugins/hr-management/dist/settings.js
  • /wp-content/plugins/hr-management/dist/addons-page.js
  • /wp-content/plugins/hr-management/dist/careers.js
  • /wp-content/plugins/hr-management/dist/blocks-viewer.js
  • /wp-content/plugins/hr-management/dist/libraries/translation-loader.js
  • /wp-content/plugins/hr-management/dist/application-page.js
  • /wp-content/plugins/hr-management/dist/settings-page.js
Script Paths
  • /wp-content/plugins/hr-management/dist/hrm.js
  • /wp-content/plugins/hr-management/dist/settings.js
  • /wp-content/plugins/hr-management/dist/addons-page.js
  • /wp-content/plugins/hr-management/dist/careers.js
  • /wp-content/plugins/hr-management/dist/blocks-viewer.js
  • /wp-content/plugins/hr-management/dist/libraries/translation-loader.js
  • +2 more
Version Parameters
  • hr-management?ver=
  • hr-management-recapcha-careers?ver=
  • hr-management-recaptcha-settings?ver=
  • hr-management-hrm?ver=
  • hr-management-settings?ver=
  • hr-management-addons-script?ver=
  • hr-management-careers?ver=
  • hr-management-blocks-viewer?ver=
  • hr-management-translations?ver=

HTML / DOM Fingerprints

CSS Classes
  • crewhrm_container
  • crewhrm-title
  • crewhrm-sub-title
  • crewhrm-btn
  • crewhrm-btn-primary
  • crewhrm-btn-secondary
  • crewhrm-btn-transparent
  • crewhrm-form-control
  • +6 more
HTML Comments
  • <!-- Plugin Name: Crew HRM -->
  • <!-- Plugin URI: https://getcrewhrm.com/pricing/ -->
  • <!-- Description: Post jobs on your site and hire talent - all inside your website for free! -->
  • <!-- Author: Crew HRM -->
  • +20 more
Data Attributes
  • data-cylector="root"
JS Globals
  • CrewHRM
REST Endpoints
  • /wp-json/crewhrm/v1
  • /wp-json/crewhrm/v1/jobs
  • /wp-json/crewhrm/v1/departments
  • /wp-json/crewhrm/v1/settings
Shortcode Output
  • [crewhrm_jobs]
  • [crewhrm_careers_form]
  • [crewhrm_dashboard]
FAQ

Frequently Asked Questions about Employee, Leave and Recruitment Management System – Crew HRM