Does Dropbox Photo Sideloader have any unpatched vulnerabilities?

No. All known vulnerabilities in Dropbox Photo Sideloader have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Dropbox Photo Sideloader compatible with WordPress 4.0.38?

According to WordPress.org data, Dropbox Photo Sideloader 0.6 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is Dropbox Photo Sideloader updated?

Dropbox Photo Sideloader was last updated on Sep 8, 2014. Frequent updates are generally a positive security signal.

What is Dropbox Photo Sideloader's security score?

Dropbox Photo Sideloader has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Dropbox Photo Sideloader Security & Risk Analysis

wordpress.org/plugins/dropbox-photo-sideloader

Adds a new tab to the Add media screen, allowing you to pull images from Dropbox into WordPress.

200 active installs v0.6 PHP + WP 4.0+ Updated Sep 8, 2014

dropboximagemediaphotosideload

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Dropbox Photo Sideloader Safe to Use in 2026?

Generally Safe

Score 85/100

Dropbox Photo Sideloader has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The plugin 'dropbox-photo-sideloader' v0.6 presents a mixed security posture. While it demonstrates good practices by avoiding dangerous functions and using prepared statements for all SQL queries, and has no recorded vulnerability history, there are significant concerns regarding its attack surface. The plugin exposes two AJAX handlers, both of which lack authentication checks, creating a direct entry point for unauthenticated users. Furthermore, the taint analysis reveals a flow with unsanitized paths, which, while not flagged as critical or high severity in this static analysis, represents a potential risk for directory traversal or local file inclusion vulnerabilities if not handled carefully. The limited output escaping (36%) is also a concern, potentially leading to cross-site scripting vulnerabilities if user-supplied data is not properly sanitized before being displayed.

Key Concerns

Unprotected AJAX handlers
Unsanitized path taint flow
Low percentage of properly escaped output

Vulnerabilities

None known

Dropbox Photo Sideloader Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Dropbox Photo Sideloader Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

36% escaped14 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

dbsideload_ajax_get_thumb (dropbox-photo-sideloader.php:419)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Dropbox Photo Sideloader Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_dbsideload_get_dirdropbox-photo-sideloader.php:347

authwp_ajax_dbsideload_get_thumbdropbox-photo-sideloader.php:417

WordPress Hooks 5

actioninitdropbox-photo-sideloader.php:20

filtermedia_upload_tabsdropbox-photo-sideloader.php:43

actionmedia_upload_dbsideloadphotosdropbox-photo-sideloader.php:49

filterhttps_ssl_verifydropbox-photo-sideloader.php:210

actiontemplate_redirectdropbox-photo-sideloader.php:236

Maintenance & Trust

Dropbox Photo Sideloader Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedSep 8, 2014

PHP min version

Downloads20K

Community Trust

Rating60/100

Number of ratings5

Active installs200

Alternatives

Dropbox Photo Sideloader Alternatives

Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy

instant-images

One-click uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy directly to your WordPress media library.

200K 3 CVEs

Easy Watermark

easy-watermark

Allows to add watermark to images automatically on upload or manually.

40K 1 CVE

WP Paint – WordPress Image Editor

wp-paint

WP Paint - WordPress Image Editor is a browser based Image Editor for WordPress media images.

6K No CVEs

Cache Images

cache-images

Goes through your posts and gives you the option to cache all hotlinked images from a domain locally in your upload folder

1K 2 CVEs

Automatic Featured Image Posts

automatic-featured-image-posts

Automatic Featured Image Posts creates a new post with a Featured Image every time an image is uploaded.

300 No CVEs

Developer Profile

Dropbox Photo Sideloader Developer Profile

Samuel Wood (Otto)

9 plugins · 167K total installs

trust score

Avg Security Score

87/100

Avg Patch Time

3759 days

View full developer profile

Detection Fingerprints

How We Detect Dropbox Photo Sideloader

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/dropbox-photo-sideloader/css/style.css

Script Paths

/wp-content/plugins/dropbox-photo-sideloader/js/dbsideload.js

Version Parameters

dropbox-photo-sideloader/css/style.css?ver=dropbox-photo-sideloader/js/dbsideload.js?ver=

HTML / DOM Fingerprints

HTML Comments

<!-- These aren't needed anymore, but you can use them in your wp-config.php if you want to skip the configuration steps in the plugin screen. -->

Data Attributes

name="dbsideload[key]"name="dbsideload[secret]"name="dbsideloadfiles"

JS Globals

dbsideload_poptastic

FAQ