Job Postings Security & Risk Analysis

wordpress.org/plugins/job-postings

WordPress plugin that makes it easy to add job postings to your company’s website in a structured way.

10K active installs · v2.8.1 · PHP + WP 5.0+ · Updated Jan 30, 2026
Tags: career, employment, jobs, recruiter, vacancy
72
B · Generally Safe
CVEs total: 11
Unpatched: 1
Last CVE: Mar 10, 2026
Safety Verdict

Is Job Postings Safe to Use in 2026?

Mostly Safe

Score 72/100

Job Postings is generally safe to use. 11 past CVEs were resolved. Keep it updated.

11 known CVEs · 1 unpatched · Last CVE: Mar 10, 2026 · Updated 2mo ago
Risk Assessment

The "job-postings" v2.8.1 plugin presents a mixed security posture with significant concerns alongside some positive practices. While the plugin demonstrates a commitment to secure database interactions with 100% prepared statements for SQL queries, this strength is overshadowed by critical vulnerabilities indicated in the taint analysis and its history. The presence of four flows with unsanitized paths, two of which are high severity, suggests potential for attackers to manipulate input to achieve unintended and possibly malicious outcomes, such as executing arbitrary code or accessing sensitive files.

The plugin's attack surface includes three unprotected AJAX handlers, which are prime targets for unauthorized actions. Furthermore, the history of 10 medium-severity CVEs, with one currently unpatched, points to a recurring pattern of vulnerabilities, primarily Cross-Site Scripting and Path Traversal. This historical trend, coupled with the static analysis findings, suggests that the development team may not be consistently applying secure coding principles or adequately testing for common web vulnerabilities.

In conclusion, while the use of prepared statements is commendable, the unprotected entry points, high-severity taint flows, and the pattern of past vulnerabilities significantly elevate the risk associated with this plugin. The unpatched CVE is a critical red flag, indicating an immediate and known security weakness that needs urgent attention.

Key Concerns

  • Unpatched CVE
  • High severity taint flows
  • Unprotected AJAX handlers
  • Unsanitized paths in taint flows
  • Output escaping only 57% proper
  • Bundled outdated library: TCPDF v1.0
  • Dangerous functions: unserialize, create_function
  • Low nonce check coverage
Vulnerabilities
11

Job Postings Security Vulnerabilities

CVEs by Year

  • 2023: 2 CVEs
  • 2024: 4 CVEs
  • 2025: 4 CVEs · unpatched
  • 2026: 1 CVE

Severity Breakdown

Medium: 11

11 total CVEs

CVE-2026-23806 · medium · 5.3 · Missing Authorization

Job Postings <= 2.8 - Missing Authorization

Mar 10, 2026 · Patched in 2.8.1 (10d)

CVE-2025-68597 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jobs for WordPress <= 2.7.17 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 22, 2025 · Unpatched

CVE-2025-50050 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jobs for WordPress <= 2.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 19, 2025 · Patched in 2.7.15 (37d)

CVE-2025-1310 · medium · 6.5 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Jobs for WordPress <= 2.7.11 - Authenticated (Subscriber+) Arbitrary File Read

Mar 25, 2025 · Patched in 2.7.12 (1d)

CVE-2024-10105 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Job Postings <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 3, 2025 · Patched in 2.7.11 (50d)

CVE-2024-10104 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jobs for WordPress <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 28, 2024 · Patched in 2.7.8 (46d)

CVE-2024-2833 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jobs for WordPress <= 2.7.5 - Reflected Cross-Site Scripting via job-search

Apr 17, 2024 · Patched in 2.7.6 (45d)

CVE-2024-32149 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jobs for WordPress <= 2.7.5 - Reflected Cross-Site Scripting

Apr 12, 2024 · Patched in 2.7.6 (6d)

CVE-2024-0820 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jobs for WordPress <= 2.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 21, 2024 · Patched in 2.7.4 (57d)

CVE-2023-26017 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jobs for WordPress <= 2.5.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Feb 21, 2023 · Patched in 2.5.11 (336d)

CVE-2022-44743 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jobs for WordPress <= 2.5.10.2 - Authenticated (Author+) Cross Site Scripting

Feb 2, 2023 · Patched in 2.5.11 (355d)

Code Analysis
Analyzed Mar 16, 2026

Job Postings Code Analysis

  • Dangerous Functions: 22
  • Raw SQL Queries: 0 (15 prepared)
  • Unescaped Output: 400 (522 escaped)
  • Nonce Checks: 2
  • Capability Checks: 5
  • File Operations: 43
  • External Requests: 4
  • Bundled Libraries: 2

Dangerous Functions Found

unserialize · $meta = unserialize($meta[0]); · include\class-job-application-submit.php:670
unserialize · $meta = unserialize($meta); · include\class-job-application-submit.php:673
unserialize · $meta = unserialize($meta); · include\class-job-entry.php:93
unserialize · $data = @unserialize($letter); · include\class-job-entry.php:257
unserialize · $data = @unserialize($fielddata); · include\class-job-entry.php:278
unserialize · $meta = unserialize($meta); · include\class-job-entry.php:371
unserialize · $meta = unserialize($meta); · include\class-job-entry.php:419
unserialize · $meta = unserialize($meta); · include\class-job-notifications.php:59
unserialize · $meta = unserialize($meta); · include\class-job-notifications.php:62
unserialize · $letter = isset($post_meta['jobs_attachment_input_job_letter']) ? unserialize($post_meta['jobs_attac · include\class-job-notifications.php:105
unserialize · if( Job_Postings_Helper::is_serialized($letter) ) $letter = unserialize($letter); · include\class-job-notifications.php:110
unserialize · if( Job_Postings_Helper::is_serialized($field) ) $field = unserialize($field); · include\class-job-notifications.php:117
unserialize · if( Job_Postings_Helper::is_serialized($field) ) $field = unserialize($field); · include\class-job-notifications.php:118
unserialize · $meta = unserialize($meta); · include\class-job-notifications.php:240
unserialize · $meta = unserialize($meta); · include\class-job-notifications.php:242
unserialize · $meta = unserialize($meta); · include\class-job-notifications.php:328
unserialize · $meta = unserialize($meta); · include\class-job-notifications.php:330
create_function · $search_terms = array_filter(array_map( create_function( '$a', 'return trim($a, "\\"\'\\n\\r ");' ), · include\class-job-post-type.php:188
unserialize · if (($result = @unserialize($value)) === false) · include\class-job-posting-helper.php:200
unserialize · $remote_data = unserialize($remote_data); · include\class-job-single-view.php:322
unserialize · $remote_data = unserialize($remote_data); · include\class-job-single-view.php:496
unserialize · $remote_data = unserialize($remote_data); · include\class-pdf-export.php:505

Bundled Libraries

Select2 · TCPDF 1.0

SQL Query Safety

100% prepared · 15 total queries

Output Escaping

57% escaped · 922 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
restrict_listings_by_post_type (include\class-job-post-type.php:385)
Attack Surface
3 unprotected

Job Postings Attack Surface

Entry Points: 8
Unprotected: 3

AJAX Handlers 3

auth · wp_ajax_jobs_metrics_attachemnt_notice_seen · class-job-postings.php:68
auth · wp_ajax_jobslisting_apply_now · include\class-job-application-submit.php:10
nopriv · wp_ajax_jobslisting_apply_now · include\class-job-application-submit.php:11

Shortcodes 5

[job-postings] class-job-postings.php:55
[job-categories] class-job-postings.php:56
[job-categories-tree] class-job-postings.php:57
[job-search] class-job-postings.php:58
[job-single] class-job-postings.php:59
WordPress Hooks 46
action · init · class-job-postings.php:29
action · init · class-job-postings.php:46
filter · rest_prepare_jobs · class-job-postings.php:48
action · post_edit_form_tag · class-job-postings.php:50
filter · template_include · class-job-postings.php:52
action · after_setup_theme · class-job-postings.php:63
action · nav_menu_css_class · class-job-postings.php:65
filter · wpseo_json_ld_output · class-job-postings.php:72
filter · job-postings/disable_json_ld · class-job-postings.php:75
filter · wpseo_json_ld_output · class-job-postings.php:76
action · deactivated_plugin · class-job-postings.php:79
action · admin_notices · include\class-bg-analytics.php:31
filter · job-postings/position_fields · include\class-job-add-edit.php:14
action · add_meta_boxes · include\class-job-add-edit.php:16
action · save_post · include\class-job-add-edit.php:17
action · init · include\class-job-add-edit.php:20
action · save_post · include\class-job-add-edit.php:1485
filter · job-postings/email/merge_tags · include\class-job-application-submit.php:8
action · admin_head · include\class-job-dependencies.php:10
action · admin_action_jobs_duplicate_post_as_draft · include\class-job-duplicate-offer.php:7
filter · post_row_actions · include\class-job-duplicate-offer.php:8
action · post_submitbox_misc_actions · include\class-job-duplicate-offer.php:9
action · add_meta_boxes · include\class-job-entry.php:7
filter · manage_edit-job-entry_columns · include\class-job-entry.php:8
action · manage_posts_custom_column · include\class-job-entry.php:9
action · admin_menu · include\class-job-entry.php:10
filter · post_class · include\class-job-entry.php:11
action · before_delete_post · include\class-job-entry.php:12
action · init · include\class-job-get-uploaded-file.php:8
action · query_vars · include\class-job-get-uploaded-file.php:9
action · template_redirect · include\class-job-get-uploaded-file.php:10
filter · jobs_post_type/slug · include\class-job-post-type.php:12
action · init · include\class-job-post-type.php:14
action · restrict_manage_posts · include\class-job-post-type.php:16
filter · parse_query · include\class-job-post-type.php:17
filter · posts_join · include\class-job-post-type.php:20
filter · posts_search · include\class-job-post-type.php:21
filter · posts_request · include\class-job-post-type.php:22
filter · manage_edit-jobs_category_columns · include\class-job-post-type.php:25
filter · manage_jobs_category_custom_column · include\class-job-post-type.php:26
action · admin_head-edit-tags.php · include\class-job-post-type.php:27
action · admin_menu · include\class-job-post-type.php:29
action · template_redirect · include\class-job-security.php:10
action · admin_init · include\class-job-settings.php:9
action · admin_menu · include\class-job-settings.php:11
action · init · job-postings.php:32
Maintenance & Trust

Job Postings Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 30, 2026
PHP min version
Downloads: 243K

Community Trust

Rating: 88/100
Number of ratings: 58
Active installs: 10K
Developer Profile

Job Postings Developer Profile

BlueGlass Interactive AG

1 plugin · 10K total installs

Trust score: 59
Avg Security Score: 72/100
Avg Patch Time: 94 days
Detection Fingerprints

How We Detect Job Postings

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/job-postings/admin/css/style.css
/wp-content/plugins/job-postings/admin/css/colorpicker.css
/wp-content/plugins/job-postings/admin/js/jquery-autogrow.js
/wp-content/plugins/job-postings/admin/js/jquery-match-height.js
/wp-content/plugins/job-postings/admin/css/jquery-ui.css
/wp-content/plugins/job-postings/admin/css/jquery-ui.theme.min.css
/wp-content/plugins/job-postings/admin/js/colorpicker.js
/wp-content/plugins/job-postings/admin/js/jquery.repeater.min.js
+5 more
Script Paths
/wp-content/plugins/job-postings/admin/js/jquery-autogrow.js
/wp-content/plugins/job-postings/admin/js/jquery-match-height.js
/wp-content/plugins/job-postings/admin/js/colorpicker.js
/wp-content/plugins/job-postings/admin/js/jquery.repeater.min.js
/wp-content/plugins/job-postings/admin/js/script.js
/wp-content/plugins/job-postings/js/select2.min.js
+1 more
Version Parameters
job-postings/admin/css/style.css?ver=
job-postings/admin/css/colorpicker.css?ver=
job-postings/admin/js/colorpicker.js?ver=
job-postings/admin/js/jquery.repeater.min.js?ver=
job-postings/admin/js/script.js?ver=
job-postings/js/select2.min.js?ver=
job-postings/js/script.js?ver=
job-postings/css/select2.min.css?ver=
job-postings/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
jp-admin-styles, jp-admin-colorpicker, jp-admin-ui, jp-admin-ui-styles, jp-front-select2, jp-front-styles
Data Attributes
jobs_recaptcha_site_key, jobs_recaptcha_secret_key, jobs_recaptcha_type, jobs_filesize_validation_jobs_max_filesize
JS Globals
jpsd