WP Jobs Security & Risk Analysis

wordpress.org/plugins/wp-jobs

Post jobs on your WordPress site. User can apply and attach resume/CV for the jobs.

60 active installs · v2.3.1 · PHP + WP 4.5+ · Updated Sep 14, 2020
Tags: resume-cv-attachment, wordpress-job-listing-plugin, wordpress-jobs, wp-jobs
Score 84/100 · B · Generally Safe
CVEs total: 2
Unpatched: 0
Last CVE: Sep 26, 2017
Safety Verdict

Is WP Jobs Safe to Use in 2026?

Mostly Safe

Score 84/100

WP Jobs is generally safe to use though it hasn't been updated recently. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · Last CVE: Sep 26, 2017 · Updated 5yr ago
Risk Assessment

The "wp-jobs" plugin v2.3.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and includes a nonce check. The absence of file operations and external HTTP requests further reduces potential attack vectors.

However, significant concerns arise from the code analysis, particularly the 59% rate of properly escaped outputs. This indicates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis reveals 3 flows with unsanitized paths, including 2 of high severity, suggesting potential for code execution or sensitive data compromise if these flows are exploitable by attackers.

The plugin's vulnerability history, with 2 past CVEs (one high and one medium severity) related to XSS and SQL injection, reinforces these concerns. Although there are no currently unpatched CVEs, the recurring nature of these vulnerability types, coupled with the static analysis findings, suggests a need for improved input sanitization and output escaping practices. The plugin has a relatively small attack surface with no unprotected entry points, which is positive, but the internal code quality issues pose a significant threat.

Key Concerns

  • High rate of unescaped output
  • Taint flows with unsanitized paths (High severity)
  • Past high severity SQL injection vulnerability
  • Past medium severity XSS vulnerability
  • Taint flows with unsanitized paths
Vulnerabilities: 2

WP Jobs Security Vulnerabilities

CVEs by Year

2 CVEs in 2017

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2017-14751 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Jobs < 1.7 - Cross-Site Scripting

Sep 26, 2017 · Patched in 1.7 (2310d)

CVE-2017-9603 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP Jobs < 1.5 - SQL Injection

Jun 11, 2017 · Patched in 1.5 (2417d)
Code Analysis
Analyzed Mar 16, 2026

WP Jobs Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (7 prepared)
Unescaped Output: 33 (47 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 7 total queries

Output Escaping

59% escaped · 80 total outputs
Data Flows: 3 unsanitized

Data Flow Analysis

5 flows · 3 with unsanitized paths
<joblisting> (template-files\joblisting.php:0)
Attack Surface

WP Jobs Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 1

auth wp_ajax_update_wpjobs_options wp-jobs.php:421

Shortcodes 1

[job_listing] wp-jobs.php:473
WordPress Hooks 13
action wp_enqueue_scripts wp-jobs.php:18
action init wp-jobs.php:25
action wp_enqueue_scripts wp-jobs.php:61
action init wp-jobs.php:122
action wp_mail_failed wp-jobs.php:140
action init wp-jobs.php:179
action admin_menu wp-jobs.php:190
action add_meta_boxes wp-jobs.php:210
action add_meta_boxes wp-jobs.php:303
action save_post wp-jobs.php:311
filter template_redirect wp-jobs.php:359
filter template_redirect wp-jobs.php:369
action admin_enqueue_scripts wp-jobs.php:402
Maintenance & Trust

WP Jobs Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.5.18
Last updated: Sep 14, 2020
PHP min version
Downloads: 13K

Community Trust

Rating: 80/100
Number of ratings: 4
Active installs: 60
Developer Profile

WP Jobs Developer Profile

DraftPress Team

12 plugins · 613K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 1011 days
Detection Fingerprints

How We Detect WP Jobs

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-jobs/css/bootstrap-responsive.min.css
/wp-content/plugins/wp-jobs/css/bootstrap.min.css
/wp-content/plugins/wp-jobs/css/styles.css
/wp-content/plugins/wp-jobs/js/bootstrap.min.js
Script Paths
/wp-content/plugins/wp-jobs/js/bootstrap.min.js
Version Parameters
wp-jobs/css/styles.css?ver=

HTML / DOM Fingerprints

CSS Classes
wp_jobs_designation