WP Job Manager – Company Profiles Security & Risk Analysis

The "wp-job-manager-companies" v1.8 plugin exhibits a generally positive security posture with its static analysis results. A notable strength is the complete absence of dangerous functions, file operations, and external HTTP requests, which significantly reduces the attack surface. Furthermore, all identified output points are properly escaped, and there are no critical or high severity taint flows detected, indicating good practices in preventing common web vulnerabilities like Cross-Site Scripting and data leaks.

However, there are areas of concern that warrant attention. The plugin has a single known medium severity CVE related to Cross-Site Scripting that is currently patched, but its history suggests past vulnerabilities of this type. The most significant code-level concern is the presence of a SQL query that does not utilize prepared statements, which could potentially be vulnerable to SQL injection if not handled meticulously within the application logic. Additionally, the lack of any nonce or capability checks across its entry points, particularly for its single shortcode, leaves it open to potential unauthorized actions or information disclosure if the shortcode's functionality is sensitive.

In conclusion, while the plugin has demonstrated improvements by patching its known vulnerabilities and implementing proper output escaping, the un-prepared SQL query and the absence of authentication/authorization checks on its entry points present a tangible risk. The history of a past XSS vulnerability, although patched, highlights the importance of ongoing vigilance and robust security measures.