The whole plugin looks great, and is well organised and functionally hits the nail on the head.
One thing though: uploaded CVs are placed into the public upload area, and are not protected in any way (e.g. the original filename is retained). Uploading a CV, I was able to download it from another browser when not even logged in.
The CVs need to be protected behind a security fence so that only administrators (or whatever role manages the job applications) can download them.
- The topic ‘[Plugin: Job Manager] Uploaded CV Security’ is closed to new replies.