JS Job Manager Security & Risk Analysis

wordpress.org/plugins/js-jobs

JS Job Manager is WordPress's best job board plugin. It is easy to use and highly configurable. It fully accommodates job seekers and employers.

100 active installs · v2.0.2 · PHP + · WP 4.5+ · Updated Nov 22, 2025
board · job · job-board · job-listing · jobs
18
F · Critical Risk
CVEs total: 12
Unpatched: 7
Last CVE: Sep 22, 2025
Safety Verdict

Is JS Job Manager Safe to Use in 2026?

Critical Risk — Avoid

Score 18/100

JS Job Manager is critically unsafe with 12 known CVEs, 7 still unpatched. Avoid in production.

12 known CVEs · 7 unpatched · Last CVE: Sep 22, 2025 · Updated 4mo ago
Risk Assessment

The js-jobs v2.0.2 plugin exhibits a concerning security posture, balancing some good practices with significant weaknesses. While it demonstrates a substantial effort in output escaping and utilizes prepared statements for a majority of its SQL queries, these strengths are overshadowed by critical vulnerabilities and exposed attack vectors. The presence of dangerous functions like 'exec' and a considerable number of flows with unsanitized paths, especially those marked as high severity in taint analysis, indicate a high potential for code execution and data compromise. The plugin's vulnerability history is particularly alarming, with 12 known CVEs, 7 of which remain unpatched. The types of past vulnerabilities, including SQL Injection, RFI, Authorization Bypass, CSRF, XSS, and Missing Authorization, reveal recurring and severe security flaws. This pattern suggests a lack of robust security development practices and an ongoing struggle to address fundamental security issues.

Given the 2 unprotected AJAX handlers, the dangerous 'exec' function, and the high-severity unsanitized taint flows, the plugin is highly susceptible to various attacks. The vulnerability history further confirms these risks, highlighting persistent and critical security flaws. While the use of prepared statements and output escaping are positive, they do not mitigate the risks posed by the identified vulnerabilities and attack surface. Therefore, immediate attention and remediation are required to secure this plugin, and users should exercise extreme caution when deploying it.

Key Concerns

  • Unpatched Critical CVEs
  • Unpatched High Severity CVEs
  • High Severity Taint Flows
  • Unprotected AJAX Handlers
  • Presence of Dangerous Function 'exec'
  • Unsanitized Paths in Taint Flows
  • Missing Authorization Vulnerability History
  • Cross-Site Request Forgery (CSRF) Vulnerability History
  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability History
  • Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability History
  • Unrestricted Upload of File with Dangerous Type Vulnerability History
  • Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') Vulnerability History
  • Authorization Bypass Through User-Controlled Key Vulnerability History
Vulnerabilities
12

JS Job Manager Security Vulnerabilities

CVEs by Year

  • 2018: 1 CVE
  • 2021: 1 CVE
  • 2023: 3 CVEs
  • 2025: 7 CVEs (unpatched)

Severity Breakdown

  • Critical: 3
  • High: 3
  • Medium: 6

12 total CVEs

CVE-2025-58234 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

JS Job Manager <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 Unpatched
CVE-2025-32626 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

JS Job Manager <= 2.0.2 - Unauthenticated SQL Injection

Apr 15, 2025 Unpatched
CVE-2025-32660 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type

JS Job Manager <= 2.0.2 - Unauthenticated Arbitrary File Upload

Apr 14, 2025 Unpatched
CVE-2025-32627 · critical · 9.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

JS Job Manager <= 2.0.2 - Unauthenticated Local File Inclusion

Apr 9, 2025 Unpatched
CVE-2025-32146 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

JS Job Manager <= 2.0.2 - Authenticated (Contributor+) Local File Inclusion

Apr 4, 2025 Unpatched
CVE-2025-31868 · medium · 5.3 · Missing Authorization

JS Job Manager <= 2.0.2 - Missing Authorization

Apr 1, 2025 Unpatched
CVE-2025-31867 · medium · 4.3 · Authorization Bypass Through User-Controlled Key

JS Job Manager <= 2.0.2 - Authenticated Insecure Direct Object Reference

Apr 1, 2025 Unpatched
CVE-2023-31087 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

JS Job Manager <= 2.0.0 - Cross-Site Request Forgery via multiple functions

Jun 2, 2023 Patched in 2.0.1 (235d)
CVE-2023-28689 · medium · 6.5 · Missing Authorization

JS Job Manager <= 2.0.0 - Missing Authorization

Mar 21, 2023 Patched in 2.0.1 (308d)
CVE-2023-25963 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

JS Job Manager <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title

Feb 21, 2023 Patched in 2.0.1 (336d)
WF-3e1f64f5-090a-4961-8490-d34f458a8d44-js-jobs · critical · 9.1 · Missing Authorization

JS Job Manager < 1.1.9 - Arbitrary Plugin Installation/Activation

Sep 30, 2021 Patched in 1.1.9 (845d)
CVE-2018-20974 · high · 8.8 · Cross-Site Request Forgery (CSRF)

JS Job Manager <= 1.0.6 - Cross-Site Request Forgery

May 28, 2018 Patched in 1.0.7 (2066d)
Code Analysis
Analyzed Mar 16, 2026

JS Job Manager Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 70 (254 prepared)
  • Unescaped Output: 2504 (8699 escaped)
  • Nonce Checks: 238
  • Capability Checks: 19
  • File Operations: 121
  • External Requests: 9
  • Bundled Libraries: 1

Dangerous Functions Found

exec · includes\classes\class.upload.php:2426
    if (jsjobslib::jsjobs_strlen($mime = @exec("file -bi ".escapeshellarg($this->file_src_pathname))) !=

Bundled Libraries

jQuery

SQL Query Safety

78% prepared · 324 total queries

Output Escaping

78% escaped · 11203 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

21 flows · 8 with unsanitized paths
upload (includes\classes\class.upload.php:2045)
Attack Surface
2 unprotected

JS Job Manager Attack Surface

Entry Points: 27
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_jsjobs_ajax includes\ajax.php:9
nopriv wp_ajax_jsjobs_ajax includes\ajax.php:10

Shortcodes 25

[jsjobs_employer_controlpanel] includes\shortcodes.php:9
[jsjobs_jobseeker_controlpanel] includes\shortcodes.php:10
[jsjobs_all_companies] includes\shortcodes.php:12
[jsjobs_job_search] includes\shortcodes.php:13
[jsjobs_job] includes\shortcodes.php:14
[jsjobs_job_categories] includes\shortcodes.php:15
[jsjobs_job_types] includes\shortcodes.php:16
[jsjobs_my_appliedjobs] includes\shortcodes.php:17
[jsjobs_my_companies] includes\shortcodes.php:18
[jsjobs_my_coverletter] includes\shortcodes.php:19
[jsjobs_my_departments] includes\shortcodes.php:20
[jsjobs_my_jobs] includes\shortcodes.php:21
[jsjobs_my_resumes] includes\shortcodes.php:22
[jsjobs_add_company] includes\shortcodes.php:23
[jsjobs_add_coverletter] includes\shortcodes.php:24
[jsjobs_add_department] includes\shortcodes.php:25
[jsjobs_add_job] includes\shortcodes.php:26
[jsjobs_add_resume] includes\shortcodes.php:27
[jsjobs_resume_search] includes\shortcodes.php:28
[jsjobs_employer_registration] includes\shortcodes.php:29
[jsjobs_jobseeker_registration] includes\shortcodes.php:30
[jsjobs_jobseeker_my_stats] includes\shortcodes.php:32
[jsjobs_employer_my_stats] includes\shortcodes.php:33
[jsjobs_login_page] includes\shortcodes.php:34
[jsjobs_searchjob] includes\shortcodes.php:36

WordPress Hooks 49

filter upload_dir includes\classes\uploads.php:65
filter upload_dir includes\classes\uploads.php:176
filter upload_dir includes\classes\uploads.php:253
action wp_dashboard_setup includes\dashboardapi.php:16
action wp_dashboard_setup includes\dashboardapi.php:100
action wp_dashboard_setup includes\dashboardapi.php:217
action wp_dashboard_setup includes\dashboardapi.php:242
action init includes\formhandler.php:9
action init includes\formhandler.php:10
action wp_login_failed includes\jsjobs-hooks.php:7
filter authenticate includes\jsjobs-hooks.php:9
action admin_head includes\jsjobs-hooks.php:38
action register_form includes\jsjobs-hooks.php:46
filter registration_errors includes\jsjobs-hooks.php:82
action user_register includes\jsjobs-hooks.php:95
action init includes\jsjobs-hooks.php:285
action delete_user includes\jsjobs-hooks.php:337
action vc_before_init includes\jsjobs-hooks.php:341
action admin_menu includes\jsjobsadmin.php:9
filter post_rewrite_rules includes\paramregister.php:34
filter page_rewrite_rules includes\paramregister.php:42
filter root_rewrite_rules includes\paramregister.php:54
filter query_vars includes\paramregister.php:66
action parse_request includes\paramregister.php:850
filter redirect_canonical includes\paramregister.php:878
action widgets_init includes\widgets\searchjobs.php:186
action plugins_loaded js-jobs.php:60
action template_redirect js-jobs.php:61
action template_redirect js-jobs.php:62
action admin_init js-jobs.php:63
action jsjobs_cronjobs_action js-jobs.php:64
action admin_init js-jobs.php:67
action admin_init js-jobs.php:68
action init js-jobs.php:69
action jsjob_delete_expire_session_data js-jobs.php:70
action wp_enqueue_scripts js-jobs.php:71
action admin_enqueue_scripts js-jobs.php:72
action after_setup_theme js-jobs.php:93
filter safe_style_css js-jobs.php:95
filter aioseo_disable_shortcode_parsing js-jobs.php:98
action login_form_bottom js-jobs.php:588
action init js-jobs.php:598
action wp_enqueue_scripts js-jobs.php:646
action admin_enqueue_scripts js-jobs.php:658
action template_redirect js-jobs.php:662
action wp_head js-jobs.php:673
filter login_redirect js-jobs.php:714
filter wp_mail_content_type modules\common\model.php:535
filter wp_mail_content_type modules\emailtemplate\model.php:1494

Scheduled Events 1

jsjob_delete_expire_session_data
Maintenance & Trust

JS Job Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 22, 2025
PHP min version
Downloads: 47K

Community Trust

Rating: 72/100
Number of ratings: 28
Active installs: 100
Developer Profile

JS Job Manager Developer Profile

JoomSky

3 plugins · 6K total installs

Trust score: 50
Avg Security Score: 59/100
Avg Patch Time: 357 days
Detection Fingerprints

How We Detect JS Job Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/js-jobs/includes/jsjobsadmin.css
/wp-content/plugins/js-jobs/includes/jsjobs.css
/wp-content/plugins/js-jobs/assets/css/job.css
/wp-content/plugins/js-jobs/assets/css/user.css
/wp-content/plugins/js-jobs/assets/css/joblist.css
/wp-content/plugins/js-jobs/assets/css/resume.css
/wp-content/plugins/js-jobs/assets/css/common.css
/wp-content/plugins/js-jobs/includes/captcha.js
+8 more
Script Paths
https://www.google.com/jsapi?autoload={'modules':[{'name':'visualization','version':'1','packages':['corechart']}]}
Version Parameters
/wp-content/plugins/js-jobs/assets/css/job.css?ver=
/wp-content/plugins/js-jobs/assets/css/user.css?ver=
/wp-content/plugins/js-jobs/assets/css/joblist.css?ver=
/wp-content/plugins/js-jobs/assets/css/resume.css?ver=
/wp-content/plugins/js-jobs/assets/css/common.css?ver=
/wp-content/plugins/js-jobs/assets/js/common.js?ver=
/wp-content/plugins/js-jobs/assets/js/job.js?ver=
/wp-content/plugins/js-jobs/assets/js/user.js?ver=
/wp-content/plugins/js-jobs/assets/js/joblist.js?ver=
/wp-content/plugins/js-jobs/assets/js/resume.js?ver=
/wp-content/plugins/js-jobs/assets/js/payment.js?ver=
/wp-content/plugins/js-jobs/assets/js/admin.js?ver=
/wp-content/plugins/js-jobs/assets/js/shortcode.js?ver=

HTML / DOM Fingerprints

CSS Classes
jsjobs-job-detail
jsjobs-job-list
jsjobs-employer-profile
jsjobs-company-profile
jsjobs-resume-detail
jsjobs-user-profile
jsjobs-search-form
jsjobs-pagination
Data Attributes
data-jsjobs-id
data-jsjobs-type
JS Globals
JSJOBSrequestJSJOBSincluderJSJOBSjsjobsjob_hub_optionsjob_manager_options
FAQ

Frequently Asked Questions about JS Job Manager