Currently, Patchman has two types of definitions. When a version is supported by patches, fixes are available for most security flaws in these applications. This means that vulnerabilities in these applications are automatically fixed.

When only detection support is available, Patchman is able to detect installed versions of this application, which allows you to notify your users of outdated applications.

Patch and detection support for the various versions of the supported applications is listed below:

| Application | Patches | Bundle / Plan | Detection |
|---|---|---|---|
| WordPress | 3.6 and later | Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| Joomla | 2.5 and later | Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| Drupal | 6.0 and later | Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| Magento | 1.9.2.0 and later | Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| WooCommerce | 2.1.0 and later | Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| PrestaShop | 1.6.0.1 and later | Patchman COVERAGE, Patchman COVERAGE+CLEAN | Version detection for Prestashop is currently unavailable pending changes in the detection mechanism. Vulnerability patching functionality is unaffected. |
| Booked | | | all |
| Coppermine | | | all |
| Dolibarr | | | all |
| Dotproject | | | all |
| Feng Office | | | all |
| FrontAccounting | | | all |
| Gallery | | | all |
| LifeType | | | all |
| LimeSurvey | | | all major releases (some plus versions) |
| LinPHA | | | all |
| LiveHelperChat | | | all |
| MailPoet | | | all |
| MediaWiki | | | all |
| MODX | | | all |
| Nextcloud | | | 9.0.54 and later |
| NOCC | | | all |
| OpenBiblio | | | all |
| OpenCart | | | all |
| OrangeHRM | | | all |
| ownCloud | | | all |
| phpBB | | | all |
| phpESP | | | all |
| PHPFusion | | | all |
| phpList | | | all |
| phpMyChat | | | all |
| phpScheduleIt | | | all |
| PhpWiki | | | all |
| Pligg | | | all |
| SquirrelMail | | | all |
| TYPO3 | | | all |
| vTiger | | | all |
| Wikiwig | | | all |
| XOOPS | | | all |
| YourLS | | | all |
| ZenPhoto | | | all |


Plugins
The following plugins are fully supported by Patchman:

| Plugin | Version(s) | Bundle / Plan |
|---|---|---|
| all-in-one-seo-pack | 2.3.9.2 and later | COVERAGE, COVERAGE+CLEAN |
| contact-form-7 | 3.6 and later | COVERAGE, COVERAGE+CLEAN |
| google-sitemap-generator | 4.0.8 and later | COVERAGE, COVERAGE+CLEAN |
| jetpack | 2.7 and later | COVERAGE, COVERAGE+CLEAN |
| tinymce-advanced | 3.5.9 and later | COVERAGE, COVERAGE+CLEAN |
| wordpress-importer | 0.6.2 and later | COVERAGE, COVERAGE+CLEAN |
| wordpress-seo | 1.6.1 and later | COVERAGE, COVERAGE+CLEAN |


Specific (critical) vulnerabilities
Some select vulnerabilities in plugins are patched due to their critical nature, even though those plugins aren't covered by full patch support. A list of these can be found below:

| Application / Plugin | Vulnerability / Fix | Version(s) covered by patches |
|---|---|---|
| Popup Builder | Unauthenticated Stored Cross-Site Scripting / Authenticated Settings Modification, Configuration Disclosure, and User Data Export | 3.63 - 3.0.5 |
| ThemeGrill Demo Importer | Added check if user can manage options to prevent privilege escalation | 1.6.1 - 1.3.4 |
| PhpUnit | Prevent remote code execution of Util/PHP/eval-stdin.php via HTTP POST data beginning with "<?php " substring | 8.5.0 - 2.2.0 |
| GDPR Cookie Consent | Added check if user can manage options to prevent privilege escalation | 1.8.2 - 1.6.6 |
| Easy WP SMTP | Unauthenticated user to modify WordPress options | 1.3.9 - 1.2.8 |
| InfiniteWP Client | Check added for add_site and read_site to avoid authentication bypass | 1.9.4.4 - 1.8.1 |
| Duplicator | Adding hashes to file path to avoid arbitrary file download. | 1.3.26 - 1.3.24 |
| Drupal Module: Coder | SA-CONTRIB-2016-039 | 7.x and 8.x |
| Drupal Module: RESTWS | SA-CONTRIB-2016-040 | 7.x |
| Drupal Module: Webform Multifile | SA-CONTRIB-2016-038 | 6.x and 7.x |
| Genericons | XSS in Genericons example file | WordPress 4.0.x and Genericons 3.1 |
| MailPoet | Vulnerability in privilege checking | 2.x |
| osCommerce | File Manager upload; Script/basename; Language Manager CSRF | 2.2 |
| PHPMailer | CVE-2016-10033; CVE-2016-10045 | 5.0.0 - 5.2.18; 5.0.0 - 5.2.20 |
| WP Supercache | Persistent XSS on cached page | 0.x, 1.0, 1.1, 1.2, 1.3.x and 1.4.x |

Please note that we are always continuing to expand the coverage of Patchman.