cleantalk
Vulnerabilities and Security Researches

Dropify, CVE-2025-53286

CVE, Research URL

CVE-2025-53286

Home page URL

Security reports for Dropify

Application

Dropify

Published on
Nov 06, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhainey Milevis Dropify wc-dropi-integration allows Reflected XSS.This issue affects Dropify: from n/a through <= 4.6.9.
Affected versions
max 4.6.9.
Status
vulnerable
Previous vulnerability researches
GSpeech &#8211; Text To Speech Audio Accessibility (CVE-2025-10187) , Nov 10, 2025
New vulnerability
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer (CVE-2025-62048) , Nov 11, 2025
Team Member Showcase Staff List Plugin &#8211; Employee Spotlight (CVE-2025-12090) , Nov 11, 2025
WPeMatico RSS Feed Fetcher (CVE-2025-49922) , Nov 11, 2025
Cost Calculator Builder (CVE-2025-9243) , Nov 11, 2025
Off-Canvas Sidebars &amp; Menus (Slidebars) (CVE-2025-62891) , Nov 11, 2025