cleantalk
Vulnerabilities and Security Researches

Dropify, CVE-2025-53286

CVE, Research URL

CVE-2025-53286

Home page URL

Security reports for Dropify

Application

Dropify

Published on
Nov 06, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhainey Milevis Dropify wc-dropi-integration allows Reflected XSS.This issue affects Dropify: from n/a through <= 4.6.9.
Affected versions
max 4.6.9.
Status
vulnerable
Previous vulnerability researches
SNORDIAN&#039;s H5PxAPIkatchu (CVE-2025-30821) , Apr 02, 2025
New vulnerability
WP Store Locator (CVE-2025-52737) , Nov 11, 2025
WP Geo (CVE-2025-62904) , Nov 11, 2025
Emails Catch All (CVE-2025-60041) , Nov 11, 2025
SH Contextual Help (CVE-2025-12410) , Nov 11, 2025
Document Embedder (CVE-2025-12384) , Nov 11, 2025