Simple Dropbox Upload Security & Risk Analysis

wordpress.org/plugins/simple-dropbox-upload-form

Inserts an upload form for visitors to upload files to your Dropbox account without the need of a Dropbox developer account.

200 active installs · v1.8.8.2 · PHP + · WP 3.3.0+ · Updated Sep 18, 2013
api · dropbox · integration · simple · upload
83
B · Generally Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 14, 2013
Safety Verdict

Is Simple Dropbox Upload Safe to Use in 2026?

Mostly Safe

Score 83/100

Simple Dropbox Upload is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · Last CVE: Sep 14, 2013 · Updated 12yr ago
Risk Assessment

The plugin 'simple-dropbox-upload-form' version 1.8.8.2 exhibits a mixed security posture. While it demonstrates good practices in using prepared statements for SQL queries and shows no critical or high severity taint flows, several significant concerns are present. The static analysis reveals an unprotected AJAX handler, which is a direct entry point into the application that lacks authentication checks. Furthermore, the plugin uses the dangerous `unserialize` function five times, a known vector for deserialization vulnerabilities if user-controlled input is passed to it without proper sanitization. The vulnerability history, although showing no currently unpatched CVEs, highlights a past critical vulnerability related to unrestricted file uploads, which is a common and severe issue. The absence of capability checks on any entry points is also a critical oversight. Overall, the plugin has strengths in its SQL handling and lack of critical taint flows, but the presence of an unprotected AJAX endpoint, the repeated use of `unserialize`, and a history of critical file upload vulnerabilities necessitate caution.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous function: unserialize used 5 times
  • No capability checks on any entry points
  • Low percentage of properly escaped output
  • History of a critical vulnerability
Vulnerabilities
1

Simple Dropbox Upload Security Vulnerabilities

CVEs by Year

1 CVE in 2013

Severity Breakdown

Critical: 1

1 total CVE

CVE-2013-5963 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type

Simple Dropbox Upload < 1.8.8.1 - Arbitrary File Upload

Sep 14, 2013 Patched in 1.8.8.1 (3783d)
Code Analysis
Analyzed Mar 16, 2026

Simple Dropbox Upload Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 0 (3 prepared)
Unescaped Output: 45 (6 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 19
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `return $this->setToken(unserialize($token));` · inc\Dropbox\OAuth\Zend.php:151
unserialize · `return $this->setToken(unserialize($token['zend_oauth_token']));` · inc\Dropbox\OAuth\Zend.php:155
unserialize · `return unserialize($result);` · inc\Dropbox\pear_includes\HTTP\OAuth\Store\Consumer\CacheLite.php:119
unserialize · `return unserialize($result);` · inc\Dropbox\pear_includes\HTTP\OAuth\Store\Consumer\CacheLite.php:150
unserialize · `$data = unserialize($serialized);` · inc\Dropbox\pear_includes\HTTP\Request2\CookieJar.php:378

SQL Query Safety

100% prepared · 3 total queries

Output Escaping

12% escaped · 51 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
wpsdb_settings_page (wp-dropbox.php:495)
Attack Surface
1 unprotected

Simple Dropbox Upload Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_choice · inc\wpsdb_auth.php:15

Shortcodes 1

[simple-wp-dropbox] wp-dropbox.php:1310
WordPress Hooks 8
action · admin_print_scripts · inc\wpsdb_auth.php:11
action · admin_print_styles · inc\wpsdb_auth.php:13
action · init · wp-dropbox.php:77
action · wp_head · wp-dropbox.php:78
action · admin_init · wp-dropbox.php:1123
filter · plugin_row_meta · wp-dropbox.php:1304
action · admin_menu · wp-dropbox.php:1312
action · admin_init · wp-dropbox.php:1314
Maintenance & Trust

Simple Dropbox Upload Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.5.2
Last updated: Sep 18, 2013
PHP min version
Downloads: 39K

Community Trust

Rating: 82/100
Number of ratings: 13
Active installs: 200
Developer Profile

Simple Dropbox Upload Developer Profile

hiphopsmurf

2 plugins · 210 total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 3783 days
Detection Fingerprints

How We Detect Simple Dropbox Upload

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-dropbox-upload-form/css/wpsdb-style.css
Version Parameters
simple-dropbox-upload-form/css/wpsdb-style.css?build=

HTML / DOM Fingerprints

CSS Classes
wp-dropbox
Data Attributes
id="wpsdb-success"
id="wpsdb-error"
Shortcode Output
<div class="wp-dropbox">
FAQ

Frequently Asked Questions about Simple Dropbox Upload