Does Drop in Dropbox have any unpatched vulnerabilities?

No. All known vulnerabilities in Drop in Dropbox have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Drop in Dropbox compatible with WordPress 3.4.2?

According to WordPress.org data, Drop in Dropbox 0.2.7 has been tested up to WordPress 3.4.2. Check the plugin's changelog for the latest compatibility information.

How often is Drop in Dropbox updated?

Drop in Dropbox was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Drop in Dropbox's security score?

Drop in Dropbox has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Drop in Dropbox Security & Risk Analysis

wordpress.org/plugins/drop-in-dropbox

Upload single files or entire directories with subdirectories to your Dropbox account.

10 active installs v0.2.7 PHP + WP 3.2+ Updated Unknown

backupdirectoriesdropboxfilesupload

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Drop in Dropbox Safe to Use in 2026?

Generally Safe

Score 100/100

Drop in Dropbox has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The plugin 'drop-in-dropbox' v0.2.7 exhibits several concerning security practices despite a lack of recorded vulnerabilities. The static analysis reveals a significant issue with output escaping, as 0% of the 7 total outputs are properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being displayed. Additionally, the presence of the `unserialize` function without accompanying sanitization or validation is a critical risk, as it can be exploited to execute arbitrary code. The taint analysis, while reporting no critical or high severity flows, did identify 2 flows with unsanitized paths, which warrants further investigation, especially in conjunction with the `unserialize` function. The plugin's attack surface is currently reported as zero, and there are no known CVEs, which is positive. However, the code signals, particularly the unescaped outputs and the dangerous use of `unserialize`, indicate a weak security posture that could be easily exploited if an attacker can find a way to inject malicious data.

Key Concerns

Dangerous function unserialize present
0% of outputs properly escaped
Taint analysis shows unsanitized paths
No nonce checks
No capability checks

Vulnerabilities

None known

Drop in Dropbox Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Drop in Dropbox Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$files = unserialize($files);functions.php:66

Output Escaping

0% escaped7 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

<run1> (run1.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Drop in Dropbox Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_initdrop-in-dropbox.php:25

actionadmin_menudrop-in-dropbox.php:26

filterplugin_action_linksdrop-in-dropbox.php:182

Maintenance & Trust

Drop in Dropbox Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2

Last updatedUnknown

PHP min version

Downloads8K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Drop in Dropbox Alternatives

XM-Backup

xm-backup

Does a backup of your Wordpress database and, or your files in wp-content/uploads and saves it in a safe location.

60 1 unpatched

Filestack

filepicker-media-uploader

Use Filestack to upload files directly from Facebook, Instagram, Google Images and more for your WordPress site, without ever leaving WordPress.

20 1 unpatched

FileOrganizer – WordPress File Manager

fileorganizer

FileOrganizer is an intuitive file manager to easily edit, delete, upload, download, and manage all your WordPress files and folders right from the da …

200K 5 CVEs

Clean Image Filenames

clean-image-filenames

100

This plugin automatically converts language accent characters to non-accent characters in filenames when uploading to the media library.

30K No CVEs

File Upload Types by WPForms

file-upload-types

Easily allow WordPress to accept and upload any file type extension or MIME type, including custom file types.

30K 1 CVE

Developer Profile

Drop in Dropbox Developer Profile

Denis Buka

3 plugins · 40 total installs

trust score

Avg Security Score

90/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Drop in Dropbox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/drop-in-dropbox/drop-in-dropbox.css/wp-content/plugins/drop-in-dropbox/drop-in-dropbox.js

Script Paths

/wp-content/plugins/drop-in-dropbox/drop-in-dropbox.js

HTML / DOM Fingerprints

HTML Comments

+9 more

Data Attributes

name="drop_drop_options[drop_drop_email]"name="drop_drop_options[drop_drop_pwd]"name="drop_drop_options[drop_drop_loc_dir]"name="drop_drop_options[drop_drop_rem_dir]"name="drop_drop_abort"name="refresh"+1 more

Shortcode Output

<a target="_blank" href="http://db.tt/Og2TFSR4">Sign up for Dropbox »</a>

FAQ