cleantalk
Vulnerabilities and Security Researches

Dropshix, CVE-2025-49898

CVE, Research URL

CVE-2025-49898

Home page URL

Security reports for Dropshix

Application

Dropshix

Published on
Aug 15, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xolluteon Dropshix allows DOM-Based XSS.This issue affects Dropshix: from n/a through 4.0.14.
Affected versions
Min -, max 4.0.14.
Status
vulnerable
Previous vulnerability researches
Luzuk Team (CVE-2024-51871) , Nov 12, 2024
New vulnerability
Dropshix (CVE-2025-49898) , Aug 18, 2025
Vertical scroll slideshow gallery v2 (CVE-2025-49897) , Aug 18, 2025
ServerBuddy by PluginBuddy.com (CVE-2025-49895) , Aug 18, 2025
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin (CVE-2025-49869) , Aug 18, 2025
EventON (CVE-2025-8091) , Aug 18, 2025