WP-HR GDPR: GDPR Tools for Human Resources on WordPress Security & Risk Analysis

wordpress.org/plugins/wp-hr-gdpr

Now you can manage HR (Human Resource) GDPR processes from within your website with our exciting new plugin WP-HR GDPR. The plugin helps you draft a D …

10 active installs · v0.9 · PHP + · WP + · Updated Feb 28, 2022
Tags: data-protection, gdpr, hr, human-resources, privacy-notice
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP-HR GDPR: GDPR Tools for Human Resources on WordPress Safe to Use in 2026?

Generally Safe

Score 85/100

WP-HR GDPR: GDPR Tools for Human Resources on WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The wp-hr-gdpr plugin version 0.9 exhibits a mixed security posture. While it demonstrates some good practices, such as a high percentage of SQL queries using prepared statements and a clean vulnerability history with no known CVEs, there are significant areas of concern. The plugin has a notable attack surface, with four out of six AJAX handlers lacking authentication checks. Furthermore, the taint analysis reveals one high-severity flow with unsanitized paths, indicating a potential for exploitation if data is processed without proper validation. The presence of the `unserialize` function, often a vector for deserialization vulnerabilities, is another red flag. Despite the absence of historical vulnerabilities, the current code analysis points to potential weaknesses that require immediate attention, particularly the unprotected AJAX endpoints and the identified high-severity taint flow. The plugin's strengths lie in its SQL query practices and lack of historical issues, but the identified code-level risks overshadow these positives, suggesting a moderate to high risk level without remediation.

Key Concerns

  • High-severity taint flow with unsanitized paths
  • AJAX handlers without auth checks
  • Dangerous function: unserialize
  • Low percentage of properly escaped outputs
  • Bundled outdated library: Freemius v1.0
Vulnerabilities
None known

WP-HR GDPR: GDPR Tools for Human Resources on WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP-HR GDPR: GDPR Tools for Human Resources on WordPress Release Timeline

v0.9 (Current)
v0.8
v0.7
v0.3.1
v0.3
v0.2
v0.1
Code Analysis
Analyzed Mar 17, 2026

WP-HR GDPR: GDPR Tools for Human Resources on WordPress Code Analysis

Dangerous Functions: 11
Raw SQL Queries: 2 (9 prepared)
Unescaped Output: 81 (32 escaped)
Nonce Checks: 9
Capability Checks: 2
File Operations: 1
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$data = unserialize( $employee['data'] );` · includes\admin\custom_tables\wp-hr-consent-table.php:82
unserialize · `$old_answer_chk_default1 = unserialize($old_answer_chk_default);` · includes\admin\templates\wp-hr-meta-box-field.php:48
unserialize · `$old_answer_chk_default = unserialize($old_answer_chk_default1);` · includes\admin\templates\wp-hr-meta-box-field.php:50
unserialize · `$value_checked = unserialize($value_checked);` · includes\admin\templates\wp-hr-meta-box-field.php:79
unserialize · `$old_answer_chk1 = unserialize($old_answer_chk);` · includes\admin\templates\wp-hr-meta-box-field.php:84
unserialize · `$old_answer_chk = unserialize($old_answer_chk1);` · includes\admin\templates\wp-hr-meta-box-field.php:86
unserialize · `$consent_aggrement = unserialize( $consent_data->data );` · includes\emails\class-email-data-protection-form.php:64
unserialize · `$value_checked=unserialize($value_checked);` · includes\frontend\shortcode-template\privacy-form-template.php:22
unserialize · `$old_answer_chk1= unserialize($old_answer_chk);` · includes\frontend\shortcode-template\privacy-form-template.php:30
unserialize · `$old_answer_chk=unserialize($old_answer_chk1);` · includes\frontend\shortcode-template\privacy-form-template.php:32
unserialize · `$consent_aggrement = unserialize( $consent_record->data );` · includes\functions.php:22

Bundled Libraries

Freemius 1.0

SQL Query Safety

82% prepared · 11 total queries

Output Escaping

28% escaped · 113 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

7 flows · 3 with unsanitized paths
<class-wp-hr-admin-custom-post> (includes\admin\class-wp-hr-admin-custom-post.php:0)
[Flow graph legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized]
Attack Surface
4 unprotected

WP-HR GDPR: GDPR Tools for Human Resources on WordPress Attack Surface

Entry Points: 9
Unprotected: 4

AJAX Handlers 6

auth · wp_ajax_wphrgdpr_post_sortable_handle · includes\admin\class-wp-hr-admin-custom-post.php:27
auth · wp_ajax_wphr-hr-manage-training · includes\class-wp-hr-user-training.php:22
auth · wp_ajax_privacy_form_shortcode_save · includes\frontend\class-wp-hr-shortcode-handler.php:23
nopriv · wp_ajax_privacy_form_shortcode_save · includes\frontend\class-wp-hr-shortcode-handler.php:24
auth · wp_ajax_wphrgdpr_consent_form_save_front · includes\frontend\class-wp-hr-shortcode-handler.php:25
nopriv · wp_ajax_wphrgdpr_consent_form_save_front · includes\frontend\class-wp-hr-shortcode-handler.php:26

Shortcodes 3

[consent_form] includes\frontend\class-wp-hr-shortcode-handler.php:19
[privacy_policy] includes\frontend\class-wp-hr-shortcode-handler.php:20
[subject_access_request] includes\frontend\class-wp-hr-shortcode-handler.php:21
WordPress Hooks 37
action · admin_enqueue_scripts · includes\admin\class-wp-hr-admin-assets.php:20
action · admin_enqueue_scripts · includes\admin\class-wp-hr-admin-assets.php:21
action · after_edit_recruitment · includes\admin\class-wp-hr-admin-assets.php:22
action · after_add_recruitment · includes\admin\class-wp-hr-admin-assets.php:23
action · wphr_rec_opened_recruitment · includes\admin\class-wp-hr-admin-assets.php:24
action · add_job_information · includes\admin\class-wp-hr-admin-assets.php:25
action · wphr_applicant_details_data_section · includes\admin\class-wp-hr-admin-assets.php:26
filter · wphr_applicant_details_field_section · includes\admin\class-wp-hr-admin-assets.php:28
action · admin_init · includes\admin\class-wp-hr-admin-custom-post.php:20
action · save_post · includes\admin\class-wp-hr-admin-custom-post.php:22
action · pre_post_update · includes\admin\class-wp-hr-admin-custom-post.php:23
action · admin_menu · includes\admin\class-wp-hr-admin-custom-post.php:24
action · admin_init · includes\admin\class-wp-hr-admin-custom-post.php:25
action · admin_init · includes\admin\class-wp-hr-admin-custom-post.php:26
action · admin_notices · includes\admin\class-wp-hr-admin-custom-post.php:28
filter · parse_query · includes\admin\class-wp-hr-admin-custom-post.php:29
action · edit_form_top · includes\admin\class-wp-hr-admin-custom-post.php:30
action · edit_form_after_title · includes\admin\class-wp-hr-admin-custom-post.php:31
filter · enter_title_here · includes\admin\class-wp-hr-admin-custom-post.php:32
filter · default_content · includes\admin\class-wp-hr-admin-custom-post.php:38
action · init · includes\admin\class-wp-hr-admin.php:19
action · wphr_user_profile_role · includes\admin\class-wp-hr-dpo.php:19
action · wphr_update_user · includes\admin\class-wp-hr-dpo.php:20
filter · wphr_hr_get_caps_for_role · includes\admin\class-wp-hr-dpo.php:22
filter · wphr_hr_employee_single_tabs · includes\class-wp-hr-user-data.php:22
filter · wphr_hr_localize_script · includes\class-wp-hr-user-data.php:23
filter · wphr_email_classes · includes\class-wp-hr-user-data.php:24
action · wp_enqueue_scripts · includes\frontend\class-wp-hr-frontend-assets.php:20
action · wp_enqueue_scripts · includes\frontend\class-wp-hr-frontend-assets.php:21
action · template_redirect · includes\frontend\class-wp-hr-frontend-assets.php:22
action · after_wphr_recruitment_job_application_form · includes\frontend\class-wp-hr-frontend-assets.php:23
action · wphr_rec_applied_job · includes\frontend\class-wp-hr-frontend-assets.php:24
action · init · includes\frontend\class-wp-hr-shortcode-handler.php:22
filter · connect_url · wp-hr-gdpr.php:64
filter · after_skip_url · wp-hr-gdpr.php:65
filter · after_connect_url · wp-hr-gdpr.php:66
filter · after_pending_connect_url · wp-hr-gdpr.php:67
Maintenance & Trust

WP-HR GDPR: GDPR Tools for Human Resources on WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: Feb 28, 2022
PHP min version
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WP-HR GDPR: GDPR Tools for Human Resources on WordPress Developer Profile

wphrmanager

2 plugins · 310 total installs

Trust score: 80
Avg Security Score: 88/100
Avg Patch Time: 85 days
Detection Fingerprints

How We Detect WP-HR GDPR: GDPR Tools for Human Resources on WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-hr-gdpr/assets/css/wp_hr_admin_custom_css.css
/wp-content/plugins/wp-hr-gdpr/assets/js/wp_hr_admin_custom.js
Script Paths
https://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css
Version Parameters
/wp-content/plugins/wp-hr-gdpr/assets/css/wp_hr_admin_custom_css.css?ver=
/wp-content/plugins/wp-hr-gdpr/assets/js/wp_hr_admin_custom.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-id="wphrgdpr_applicant_data"
JS Globals
admin_veriables