The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes.
curl https://example.com/wp-content/uploads/wpjobboard Search for this path / folder in search engines to find uploaded resumes.