Hr Press Lite Security & Risk Analysis

wordpress.org/plugins/hr-press-lite

Hr Press Lite is a modern Employee Management System to track attendance, breaks, and manage employees efficiently. HRM (Human Resource Management) is …

60 active installs · v1.0.3 · PHP 7.4+ · WP 6.0+ · Updated Apr 11, 2026
Tags: attendance-management, employee-self-service, hr, hrm, human-resources-management
Security score: 78 (B · Generally Safe)
CVEs total: 1
Unpatched: 1
Last CVE: Mar 20, 2026
Safety Verdict

Is Hr Press Lite Safe to Use in 2026?

Mostly Safe

Score 78/100

Hr Press Lite is generally safe to use. 1 past CVE was resolved.

1 known CVE · 1 unpatched · Last CVE: Mar 20, 2026 · Updated 1mo ago
Risk Assessment

The 'hr-press-lite' plugin version 1.0.2 presents a significant security risk because its extensive attack surface is entirely unprotected. All 33 identified AJAX handlers lack authentication checks, meaning any unauthenticated user can potentially trigger these actions. Coupled with 11 identified taint flows with unsanitized paths, this creates a high likelihood of severe vulnerabilities such as remote code execution or data breaches.

While the plugin demonstrates good practices in its use of prepared SQL queries (89%) and output escaping (98%), and has no recorded vulnerability history, these strengths are overshadowed by the fundamental insecurity of its entry points. The presence of 9 dangerous function calls, specifically 'unserialize', is particularly concerning when combined with unsanitized input handling, as it opens the door to unserialize vulnerabilities.

In conclusion, the lack of authorization on all AJAX endpoints and the presence of unsanitized input flows are critical weaknesses. Despite positive aspects in other areas, the plugin's current state makes it highly vulnerable to attacks. It is strongly recommended to address the unprotected AJAX handlers and taint flows immediately.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Dangerous unserialize function usage
  • No capability checks on entry points
Vulnerabilities
1 published

Hr Press Lite Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-2720 · medium · 6.5 · Missing Authorization

Hr Press Lite <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure

Mar 20, 2026 · Unpatched
Version History

Hr Press Lite Release Timeline

  • v1.0.3 · Current · 1 CVE
  • v1.0.2 · 1 CVE
  • v1.0.0 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Hr Press Lite Code Analysis

  • Dangerous Functions: 9
  • Raw SQL Queries: 19 (152 prepared)
  • Unescaped Output: 20 (800 escaped)
  • Nonce Checks: 24
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 2

Dangerous Functions Found

  • unserialize: $announcement_announced_to = unserialize( $announcement->announced_to ); (admin\inc\announcements\save.php:24)
  • unserialize: $shift_holidays = unserialize( $shift->holidays ); (admin\inc\shifts\save.php:20)
  • unserialize: $holidays = array_map( 'ucwords', array_map( 'strtolower', unserialize( $row->holidays ) ) ); (includes\HRP_Action.php:640)
  • unserialize: $send_to_list = unserialize( $row->announced_to ); (includes\HRP_Action.php:1792)
  • unserialize: $send_to_list = unserialize( $row->announced_to ); (includes\HRP_Action.php:2560)
  • unserialize: $settings = unserialize( $settings->setting_value ); (includes\HRP_Helper.php:274)
  • unserialize: $settings = unserialize( $settings->setting_value ); (includes\HRP_Helper.php:305)
  • unserialize: $settings = unserialize( $settings->setting_value ); (includes\HRP_Helper.php:339)
  • unserialize: $settings = unserialize( $settings->setting_value ); (includes\HRP_Helper.php:363)

Bundled Libraries

DataTables, Select2

SQL Query Safety

89% prepared · 171 total queries

Output Escaping

98% escaped · 820 total outputs
Data Flows · Security
11 unsanitized

Data Flow Analysis

19 flows · 11 with unsanitized paths
<save> (admin\inc\attendances\save.php:0)
Attack Surface
33 unprotected

Hr Press Lite Attack Surface

Entry Points: 33
Unprotected: 33

AJAX Handlers 33

  • auth · wp_ajax_hrp-save-department · admin\admin.php:9
  • auth · wp_ajax_hrp-fetch-departments · admin\admin.php:10
  • auth · wp_ajax_hrp-delete-department · admin\admin.php:11
  • auth · wp_ajax_hrp-save-designation · admin\admin.php:14
  • auth · wp_ajax_hrp-fetch-designations · admin\admin.php:15
  • auth · wp_ajax_hrp-delete-designation · admin\admin.php:16
  • auth · wp_ajax_hrp-save-shift · admin\admin.php:19
  • auth · wp_ajax_hrp-fetch-shifts · admin\admin.php:20
  • auth · wp_ajax_hrp-delete-shift · admin\admin.php:21
  • auth · wp_ajax_hrp-save-attendance · admin\admin.php:24
  • auth · wp_ajax_hrp-fetch-attendances · admin\admin.php:25
  • auth · wp_ajax_hrp-delete-attendance · admin\admin.php:26
  • auth · wp_ajax_hrp-fetch-attendances-employees · admin\admin.php:27
  • auth · wp_ajax_hrp-save-holiday · admin\admin.php:30
  • auth · wp_ajax_hrp-fetch-holidays · admin\admin.php:31
  • auth · wp_ajax_hrp-delete-holiday · admin\admin.php:32
  • auth · wp_ajax_hrp-save-employee · admin\admin.php:35
  • auth · wp_ajax_hrp-fetch-employees · admin\admin.php:36
  • auth · wp_ajax_hrp-delete-employee · admin\admin.php:37
  • auth · wp_ajax_hrp-save-announcement · admin\admin.php:40
  • auth · wp_ajax_hrp-fetch-announcements · admin\admin.php:41
  • auth · wp_ajax_hrp-delete-announcement · admin\admin.php:42
  • auth · wp_ajax_hrp-save-company-details · admin\admin.php:45
  • auth · wp_ajax_hrp-save-notification-settings · admin\admin.php:46
  • auth · wp_ajax_hrp-save-attendance-settings · admin\admin.php:47
  • auth · wp_ajax_hrp-save-email-template-settings · admin\admin.php:48
  • auth · wp_ajax_hrp-save-checkin · admin\admin.php:51
  • auth · wp_ajax_hrp-save-checkout · admin\admin.php:52
  • auth · wp_ajax_hrp-save-breakin · admin\admin.php:53
  • auth · wp_ajax_hrp-save-breakout · admin\admin.php:54
  • auth · wp_ajax_hrp-fetch-emp-announcements · admin\admin.php:56
  • auth · wp_ajax_hrp-fetch-reports · admin\admin.php:58
  • auth · wp_ajax_send-test-email · admin\admin.php:61

WordPress Hooks 3

  • action · admin_menu · admin\admin.php:6
  • action · plugins_loaded · public\public.php:8
  • action · hrp_holiday_notification · public\public.php:13

Scheduled Events 1

hrp_holiday_notification
Maintenance & Trust

Hr Press Lite Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Apr 11, 2026
  • PHP min version: 7.4
  • Downloads: 3K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 60
Developer Profile

Hr Press Lite Developer Profile

CODECLOVE

1 plugin · 60 total installs

  • Trust score: 79
  • Avg Security Score: 78/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Hr Press Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/hr-press-lite/assets/css/style.css
  • /wp-content/plugins/hr-press-lite/assets/css/main.css
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/bootstrap.bundle.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/nioapp.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/select2.full.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/sweetalert2.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/toastr.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/jquery.validate.min.js
  • +1 more

Script Paths
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/bootstrap.bundle.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/nioapp.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/select2.full.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/sweetalert2.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/toastr.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/jquery.validate.min.js
  • +1 more

Version Parameters
  • hr-press-lite/assets/css/style.css?ver=
  • hr-press-lite/assets/css/main.css?ver=
  • hr-press-lite/assets/js/libraries/bootstrap.bundle.min.js?ver=
  • hr-press-lite/assets/js/nioapp.min.js?ver=
  • hr-press-lite/assets/js/libraries/select2.full.min.js?ver=
  • hr-press-lite/assets/js/libraries/sweetalert2.min.js?ver=
  • hr-press-lite/assets/js/libraries/toastr.min.js?ver=
  • hr-press-lite/assets/js/libraries/jquery.validate.min.js?ver=
  • hr-press-lite/assets/js/datatable/jquery.dataTables.js?ver=

HTML / DOM Fingerprints

JS Globals
HRP_PLUGIN_VERSION