My Resume Builder Security & Risk Analysis

wordpress.org/plugins/my-resume-builder

My Resume Builder allows you to create beautifully formatted resumes in minutes.

50 active installs · v1.0.3 · PHP 5.6+ · WP 5.0+ · Updated Jul 30, 2021
Tags: resume-builder, curriculum-vitae, cv, my-resume-builder, resume
Score 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Jun 27, 2025
Safety Verdict

Is My Resume Builder Safe to Use in 2026?

Use With Caution

Score 63/100

My Resume Builder has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Jun 27, 2025 · Updated 4yr ago
Risk Assessment

The "my-resume-builder" plugin v1.0.3 exhibits a mixed security posture. On the positive side, static analysis reveals no apparent direct attack surface through AJAX handlers, REST API routes, shortcodes, or cron events, and no dangerous functions or file operations were detected. All detected SQL queries utilize prepared statements, which is a strong security practice. However, a significant concern is the 80% output escaping rate, indicating that 20% of output operations may be vulnerable to Cross-Site Scripting (XSS) attacks, especially given the lack of strict capability checks and nonce checks on potential entry points. The plugin also bundles the TinyMCE library, which, if outdated or unpatched, could introduce its own vulnerabilities.

The plugin's vulnerability history is a major red flag, with one unpatched medium-severity CVE related to XSS. The fact that this vulnerability is dated in the future (2025-06-27) is unusual and might indicate a reporting error or a pre-announced vulnerability, but it still signifies a known security flaw. The absence of taint analysis results and the low number of observed flows could mean that the analysis was incomplete or that the plugin simply doesn't have complex data processing that would trigger such findings. Nevertheless, the presence of a known, unpatched XSS vulnerability is a critical concern that overshadows the otherwise clean static analysis in some areas.

In conclusion, while the plugin demonstrates good practices in areas like SQL handling and a limited direct attack surface, the high rate of potentially unescaped output and, more critically, the existence of an unpatched XSS vulnerability present a substantial risk. The lack of explicit authentication or permission checks on entry points (though there are no entry points detected in this analysis) combined with potential output escaping issues warrants caution. Users should prioritize updating to a version that addresses the known XSS vulnerability, and further security auditing focusing on the output escaping logic would be advisable.

Key Concerns

  • Unpatched Medium CVE (XSS)
  • Potentially unescaped output (20%)
  • Bundled library (TinyMCE)
  • No Nonce checks detected
  • No Capability checks detected
Vulnerabilities
1

My Resume Builder Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-53336 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

My Resume Builder <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 27, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

My Resume Builder Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 20 (81 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

80% escaped · 101 total outputs
Attack Surface

My Resume Builder Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6
action · init · my-resume-builder.php:34
action · admin_enqueue_scripts · my-resume-builder.php:58
action · add_meta_boxes_mrb · my-resume-builder.php:60
action · save_post · my-resume-builder.php:388
filter · single_template · my-resume-builder.php:393
action · wp_enqueue_scripts · templates\my-resume.php:11
Maintenance & Trust

My Resume Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.7.15
Last updated: Jul 30, 2021
PHP min version: 5.6
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 50
Developer Profile

My Resume Builder Developer Profile

abditsori

2 plugins · 60 total installs

Trust score: 76
Avg Security Score: 74/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect My Resume Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/my-resume-builder/js/admin-script.js
/wp-content/plugins/my-resume-builder/js/bootstrap.min.js
/wp-content/plugins/my-resume-builder/js/media_uploader.js
/wp-content/plugins/my-resume-builder/js/ckeditor/ckeditor.js
/wp-content/plugins/my-resume-builder/css/bootstrap.min.css
/wp-content/plugins/my-resume-builder/css/custom.css
/wp-content/plugins/my-resume-builder/css/fontawesome-all.min.css
Script Paths
/wp-content/plugins/my-resume-builder/js/admin-script.js
/wp-content/plugins/my-resume-builder/js/bootstrap.min.js
/wp-content/plugins/my-resume-builder/js/media_uploader.js
/wp-content/plugins/my-resume-builder/js/ckeditor/ckeditor.js
Version Parameters
my-resume-builder/js/admin-script.js?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
nav-link, active, show, tab-content, tab-pane, fade, heading, fields-section, +2 more
HTML Comments
<!-- <span><?php print_r( $metabox['args']['meta_data']['mrb_contact'] ) ?></span> -->
Data Attributes
data-toggle, aria-controls, aria-selected, role, aria-labelledby, data-last_index
JS Globals
window.jQuery
FAQ

Frequently Asked Questions about My Resume Builder