Dropify Security & Risk Analysis

wordpress.org/plugins/wc-dropi-integration

This plugin enables the import of products from the Dropi platform to WooCommerce.

2K active installs · v4.7.2 · PHP 7.0+ · WP 5.2.3+ · Updated Jan 29, 2026
Tags: dropi, dropshipping, woocommerce
Score: 78 (B · Generally Safe)
CVEs total: 1
Unpatched: 1
Last CVE: Jun 24, 2025
Safety Verdict

Is Dropify Safe to Use in 2026?

Mostly Safe

Score 78/100

Dropify is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Jun 24, 2025 · Updated 2mo ago
Risk Assessment

The "wc-dropi-integration" v4.7.2 plugin presents a mixed security posture. On the positive side, it has a limited attack surface with no apparent unprotected entry points, and it uses nonces effectively. No capability checks were found in this analysis; adding them would further strengthen its security.

The static analysis raises significant concerns. The frequent use of the dangerous `unserialize` function, coupled with a high percentage of unsanitized taint flows (4 out of 6 analyzed), indicates a substantial risk of deserialization vulnerabilities and potential code execution if attacker-controlled data reaches these points. The vulnerability history is also concerning: a known medium-severity CVE remains unpatched, and a history of Cross-site Scripting vulnerabilities suggests a recurring weakness in input handling and output sanitization that needs immediate attention.

While some aspects like proper output escaping and prepared statement usage are positive, the combination of dangerous function usage, unsanitized taint flows, and a persistent unpatched vulnerability creates a notable security risk.

Key Concerns

  • Unpatched CVE: 1 medium severity
  • Taint flows with unsanitized paths: 4 critical/high
  • Dangerous functions used: unserialize (8 times)
  • Capability checks: 0
Vulnerabilities
1

Dropify Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-53286 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dropify <= 4.6.9 - Reflected Cross-Site Scripting

Jun 24, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Dropify Code Analysis

  • Dangerous Functions: 8
  • Raw SQL Queries: 9 (6 prepared)
  • Unescaped Output: 23 (93 escaped)
  • Nonce Checks: 7
  • Capability Checks: 0
  • File Operations: 2
  • External Requests: 7
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$dropi_data = unserialize(get_post_meta($product->get_ID(),'_dropi_product',true));` (clasess\Dropi.php:170)
  • unserialize: `$dropi_var = unserialize(get_post_meta($prod_var['variation_id'],'_dropi_variation',true));` (clasess\Dropi.php:182)
  • unserialize: `$unserialized = unserialize($dropi_product);` (clasess\models\OrdersModel.php:108)
  • unserialize: `$unserialized = unserialize($dropi_product);` (clasess\models\OrdersModel.php:155)
  • unserialize: `$dropi_variation = unserialize($dropi_variation);` (clasess\models\OrdersModel.php:192)
  • unserialize: `$unserialized = unserialize($dropi_product);` (clasess\Products.php:235)
  • unserialize: `$dropi_data = unserialize(get_post_meta($product->get_ID(),'_dropi_product',true));` (clasess\tables\SyncedProdTable.php:47)
  • unserialize: `$unserialized = unserialize($dropi_product);` (clasess\Woocomerce.php:33)

SQL Query Safety

40% prepared · 15 total queries

Output Escaping

80% escaped · 116 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

6 flows · 6 with unsanitized paths
getProducts (clasess\views\Products.php:30)
Attack Surface

Dropify Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 6

  • nopriv · wp_ajax_get-woo-products · clasess\Products.php:293
  • auth · wp_ajax_get-woo-products · clasess\Products.php:294
  • nopriv · wp_ajax_import · clasess\Products.php:298
  • auth · wp_ajax_import · clasess\Products.php:299
  • auth · wp_ajax_send_order_to_dropi · clasess\Woocomerce.php:289
  • nopriv · wp_ajax_import · clasess\Woocomerce.php:290
WordPress Hooks 29
  • action · admin_init · clasess\Dropi.php:22
  • action · admin_enqueue_scripts · clasess\Dropi.php:23
  • action · admin_menu · clasess\Dropi.php:24
  • filter · cron_schedules · clasess\Dropi.php:271
  • action · update_stock_event · clasess\Dropi.php:276
  • action · admin_menu · clasess\Products.php:289
  • action · admin_enqueue_scripts · clasess\Products.php:291
  • filter · manage_edit-product_columns · clasess\Products.php:302
  • action · manage_product_posts_custom_column · clasess\Products.php:305
  • filter · set-screen-option · clasess\Settings.php:92
  • action · admin_menu · clasess\Settings.php:94
  • filter · woocommerce_default_address_fields · clasess\StatesPlaces.php:24
  • filter · woocommerce_states · clasess\StatesPlaces.php:51
  • filter · woocommerce_billing_fields · clasess\StatesPlaces.php:59
  • filter · woocommerce_shipping_fields · clasess\StatesPlaces.php:60
  • filter · woocommerce_form_field_city · clasess\StatesPlaces.php:61
  • action · wp_enqueue_scripts · clasess\StatesPlaces.php:63
  • filter · set-screen-option · clasess\SyncedInfo.php:86
  • action · admin_menu · clasess\SyncedInfo.php:88
  • action · admin_head · clasess\Woocomerce.php:284
  • filter · woocommerce_admin_order_actions · clasess\Woocomerce.php:286
  • action · woocommerce_order_status_changed · clasess\Woocomerce.php:293
  • action · manage_shop_order_posts_custom_column · clasess\Woocomerce.php:298
  • filter · manage_edit-shop_order_columns · clasess\Woocomerce.php:301
  • action · admin_enqueue_scripts · clasess\Woocomerce.php:303
  • filter · bulk_actions-edit-shop_order · clasess\Woocomerce.php:306
  • filter · handle_bulk_actions-edit-shop_order · clasess\Woocomerce.php:309
  • action · admin_notices · clasess\Woocomerce.php:312
  • action · plugins_loaded · wc-dropi-integration.php:80

Scheduled Events 1

update_stock_event
Maintenance & Trust

Dropify Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 29, 2026
PHP min version: 7.0
Downloads: 36K

Community Trust

Rating: 56/100
Number of ratings: 5
Active installs: 2K
Developer Profile

Dropify Developer Profile

Jhainey Milevis

2 plugins · 2K total installs

Trust score: 81
Avg Security Score: 82/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Dropify

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wc-dropi-integration/css/styles.css
Version Parameters
wc-dropi-integration/style.css?ver=
wc-dropi-integration/scripts/dropi.js?ver=
wc-dropi-integration/scripts/dropi_orders.js?ver=

HTML / DOM Fingerprints

CSS Classes
dropi-settings
HTML Comments
<!-- Checkbox to authorize woocommerce to update periodically the stock of synced products -->
Data Attributes
id="dropi-woocomerce-autosync_orders"
name="dropi-woocomerce-autosync_orders"
id="dropi-woocomerce-create_product_if_no_exist"
name="dropi-woocomerce-create_product_if_no_exist"
id="dropi-woocomerce-deactive_cities_and_departments"
name="dropi-woocomerce-deactive_cities_and_departments"
+2 more
JS Globals
JPIODFW_Dropi
FAQ

Frequently Asked Questions about Dropify