Hr Press Lite Security & Risk Analysis

wordpress.org/plugins/hr-press-lite

Hr Press Lite is a modern Employee Management System to track attendance, breaks, and manage employees efficiently. HRM (Human Resource Management) is …

50 active installs · v1.0.2 · PHP 7.4+ · WP 6.0+ · Updated Jan 18, 2026
Tags: attendance-management, employee-self-service, hr, hrm, human-resources-management
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Hr Press Lite Safe to Use in 2026?

Generally Safe

Score 100/100

Hr Press Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The 'hr-press-lite' plugin version 1.0.2 presents a significant security risk because its extensive attack surface is entirely unprotected. All 33 identified AJAX handlers lack authentication checks, meaning any unauthenticated user can potentially trigger these actions. This, coupled with 11 identified taint flows with unsanitized paths, creates a high likelihood of severe vulnerabilities like remote code execution or data breaches.

While the plugin demonstrates good practices in its use of prepared SQL queries (89%) and output escaping (98%), and has no recorded vulnerability history, these strengths are overshadowed by the fundamental insecurity of its entry points. The presence of 9 dangerous function calls, all of them 'unserialize', is particularly concerning when combined with unsanitized input handling, as it opens the door to unsafe deserialization vulnerabilities.

In conclusion, the lack of authorization on all AJAX endpoints and the presence of unsanitized input flows are critical weaknesses. Despite positive aspects in other areas, the plugin's current state makes it highly vulnerable to attacks. It is strongly recommended to address the unprotected AJAX handlers and taint flows immediately.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Dangerous unserialize function usage
  • No capability checks on entry points
Vulnerabilities
None known

Hr Press Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Hr Press Lite Code Analysis

Dangerous Functions: 9
Raw SQL Queries: 19 (152 prepared)
Unescaped Output: 20 (800 escaped)
Nonce Checks: 24
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 2

Dangerous Functions Found

  • unserialize: $announcement_announced_to = unserialize( $announcement->announced_to );  (admin\inc\announcements\save.php:24)
  • unserialize: $shift_holidays = unserialize( $shift->holidays );  (admin\inc\shifts\save.php:20)
  • unserialize: $holidays = array_map( 'ucwords', array_map( 'strtolower', unserialize( $row->holidays ) ) );  (includes\HRP_Action.php:640)
  • unserialize: $send_to_list = unserialize( $row->announced_to );  (includes\HRP_Action.php:1792)
  • unserialize: $send_to_list = unserialize( $row->announced_to );  (includes\HRP_Action.php:2560)
  • unserialize: $settings = unserialize( $settings->setting_value );  (includes\HRP_Helper.php:274)
  • unserialize: $settings = unserialize( $settings->setting_value );  (includes\HRP_Helper.php:305)
  • unserialize: $settings = unserialize( $settings->setting_value );  (includes\HRP_Helper.php:339)
  • unserialize: $settings = unserialize( $settings->setting_value );  (includes\HRP_Helper.php:363)

Bundled Libraries

DataTables, Select2

SQL Query Safety

89% prepared (171 total queries)

Output Escaping

98% escaped (820 total outputs)
Data Flows
11 unsanitized

Data Flow Analysis

19 flows, 11 with unsanitized paths
<save> (admin\inc\attendances\save.php:0)
Attack Surface
33 unprotected

Hr Press Lite Attack Surface

Entry Points: 33
Unprotected: 33

AJAX Handlers 33

  • auth  wp_ajax_hrp-save-department  admin\admin.php:9
  • auth  wp_ajax_hrp-fetch-departments  admin\admin.php:10
  • auth  wp_ajax_hrp-delete-department  admin\admin.php:11
  • auth  wp_ajax_hrp-save-designation  admin\admin.php:14
  • auth  wp_ajax_hrp-fetch-designations  admin\admin.php:15
  • auth  wp_ajax_hrp-delete-designation  admin\admin.php:16
  • auth  wp_ajax_hrp-save-shift  admin\admin.php:19
  • auth  wp_ajax_hrp-fetch-shifts  admin\admin.php:20
  • auth  wp_ajax_hrp-delete-shift  admin\admin.php:21
  • auth  wp_ajax_hrp-save-attendance  admin\admin.php:24
  • auth  wp_ajax_hrp-fetch-attendances  admin\admin.php:25
  • auth  wp_ajax_hrp-delete-attendance  admin\admin.php:26
  • auth  wp_ajax_hrp-fetch-attendances-employees  admin\admin.php:27
  • auth  wp_ajax_hrp-save-holiday  admin\admin.php:30
  • auth  wp_ajax_hrp-fetch-holidays  admin\admin.php:31
  • auth  wp_ajax_hrp-delete-holiday  admin\admin.php:32
  • auth  wp_ajax_hrp-save-employee  admin\admin.php:35
  • auth  wp_ajax_hrp-fetch-employees  admin\admin.php:36
  • auth  wp_ajax_hrp-delete-employee  admin\admin.php:37
  • auth  wp_ajax_hrp-save-announcement  admin\admin.php:40
  • auth  wp_ajax_hrp-fetch-announcements  admin\admin.php:41
  • auth  wp_ajax_hrp-delete-announcement  admin\admin.php:42
  • auth  wp_ajax_hrp-save-company-details  admin\admin.php:45
  • auth  wp_ajax_hrp-save-notification-settings  admin\admin.php:46
  • auth  wp_ajax_hrp-save-attendance-settings  admin\admin.php:47
  • auth  wp_ajax_hrp-save-email-template-settings  admin\admin.php:48
  • auth  wp_ajax_hrp-save-checkin  admin\admin.php:51
  • auth  wp_ajax_hrp-save-checkout  admin\admin.php:52
  • auth  wp_ajax_hrp-save-breakin  admin\admin.php:53
  • auth  wp_ajax_hrp-save-breakout  admin\admin.php:54
  • auth  wp_ajax_hrp-fetch-emp-announcements  admin\admin.php:56
  • auth  wp_ajax_hrp-fetch-reports  admin\admin.php:58
  • auth  wp_ajax_send-test-email  admin\admin.php:61

WordPress Hooks 3

  • action  admin_menu  admin\admin.php:6
  • action  plugins_loaded  public\public.php:8
  • action  hrp_holiday_notification  public\public.php:13

Scheduled Events 1

hrp_holiday_notification
Maintenance & Trust

Hr Press Lite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 18, 2026
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 50
Developer Profile

Hr Press Lite Developer Profile

CODECLOVE

1 plugin · 50 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Hr Press Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/hr-press-lite/assets/css/style.css
  • /wp-content/plugins/hr-press-lite/assets/css/main.css
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/bootstrap.bundle.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/nioapp.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/select2.full.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/sweetalert2.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/toastr.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/jquery.validate.min.js
  • +1 more

Script Paths

  • /wp-content/plugins/hr-press-lite/assets/js/libraries/bootstrap.bundle.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/nioapp.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/select2.full.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/sweetalert2.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/toastr.min.js
  • /wp-content/plugins/hr-press-lite/assets/js/libraries/jquery.validate.min.js
  • +1 more

Version Parameters

  • hr-press-lite/assets/css/style.css?ver=
  • hr-press-lite/assets/css/main.css?ver=
  • hr-press-lite/assets/js/libraries/bootstrap.bundle.min.js?ver=
  • hr-press-lite/assets/js/nioapp.min.js?ver=
  • hr-press-lite/assets/js/libraries/select2.full.min.js?ver=
  • hr-press-lite/assets/js/libraries/sweetalert2.min.js?ver=
  • hr-press-lite/assets/js/libraries/toastr.min.js?ver=
  • hr-press-lite/assets/js/libraries/jquery.validate.min.js?ver=
  • hr-press-lite/assets/js/datatable/jquery.dataTables.js?ver=

HTML / DOM Fingerprints

JS Globals
HRP_PLUGIN_VERSION