Which applications does Patchman detect and fix?
If you want to be notified every time we add new patches and signatures, please see Can you notify me every time a new vulnerability patch is released?
Currently, Patchman has two types of definitions.
When a version is supported by patches, fixes are available for most security flaws in these applications. This means that vulnerabilities in these applications are automatically fixed.
When only detection support is available, Patchman is able to detect installed versions of this application, which allows you to notify your users of outdated applications.
Patch and detection support for various versions of the supported applications are listed below. If you think there is a vulnerability in one of these applications that Patchman does not patch, please check Why is vulnerability X not fixed by Patchman? for more information.
Application | Patches | Bundle / Plan (for patching) | Version detection (all plans) |
|---|---|---|---|
WordPress | 3.6 and later | Patchman CORE, | all |
Joomla | 2.5 and later | Patchman CORE, | all |
Drupal | 6.0 and later | Patchman CORE, | all |
Magento | 1.9.2.0 and later | Patchman COVERAGE, | all |
WooCommerce | 2.1.0 and later | Patchman COVERAGE, | all |
PrestaShop | 1.6.0.1 and later | Patchman COVERAGE, | all |
Booked |
|
| all |
Coppermine |
|
| all |
Dolibarr |
|
| all |
Dotproject |
|
| all |
Feng Office |
|
| all |
FrontAccounting |
|
| all |
Gallery |
|
| all |
LifeType |
|
| all |
LimeSurvey |
|
| all major releases |
LinPHA |
|
| all |
LiveHelperChat |
|
| all |
MailPoet | Specific, see below | Specific, see below | none |
MediaWiki |
|
| all |
MODX |
|
| all |
Nextcloud |
|
| 9.0.54 and later |
NOCC |
|
| all |
OpenBiblio |
|
| all |
OpenCart |
|
|
Version detection currently doesn’t work for OpenCart. We will publish a fix soon. |
OrangeHRM |
|
| all |
osCommerce | Specific, see below | Specific, see below | 2.2 - 2.4 |
ownCloud |
|
| all |
phpBB |
|
| all |
phpESP |
|
| all |
PHPFusion |
|
| all |
phpList |
|
| all |
phpMyChat |
|
| all |
phpScheduleIt |
|
| all |
PhpWiki |
|
| all |
Pligg |
|
| all |
SquirrelMail |
|
| all |
TYPO3 |
|
| all |
vTiger |
|
| all |
Wikiwig |
|
| all |
XOOPS |
|
| all |
YourLS |
|
| all |
ZenPhoto |
|
| all |
Plugins and libraries
A list of plugins fully supported by Patchman for patching and/or version detection is included below. If you are wondering why a specific plugin is not part of our coverage, please check Why is plugin X not patched by Patchman? for more information.
Plugin | Version(s) | Bundle / Plan (for patching) | Version detection (all plans) |
|---|---|---|---|
WordPress Plugin: | 3.5.9 and later | COVERAGE, COVERAGE+CLEAN | all |
WordPress Plugin: | 2.3.9.2 and later | COVERAGE, COVERAGE+CLEAN | all |
WordPress Plugin: | 3.6 and later | COVERAGE, COVERAGE+CLEAN | all |
WordPress Plugin: | Specific, see below | Specific, see below | all |
WordPress Plugin: | Specific, see below | Specific, see below | all |
WordPress Plugin: | Specific, see below | Specific, see below | all |
WordPress Plugin: | 4.0.8 and later | COVERAGE, COVERAGE+CLEAN | all |
WordPress Plugin: | Specific, see below | Specific, see below | all |
WordPress Plugin: | 2.7 and later | COVERAGE, COVERAGE+CLEAN | all |
WordPress Plugin: | Specific, see below | Specific, see below | all |
WordPress Plugin: | Specific, see below | Specific, see below | all |
WordPress Plugin: | 0.6.2 and later | COVERAGE, COVERAGE+CLEAN | all |
WordPress Plugin: | 1.6.1 and later | COVERAGE, COVERAGE+CLEAN | all |
Joomla! Plugin: | all | ||
Joomla! Plugin: | all |
Library | Version(s) | Bundle / Plan (for patching) | Version detection (all plans) |
|---|---|---|---|
PhpUnit | Specific, see below | Specific, see below | all |
Specific (critical) vulnerabilities
Some select vulnerabilities patched in plugins due to their critical nature, but aren't covered by full patch support. A list of these can be found below:
Application | Vulnerability / Fix | Bundle / Plan | Version(s) covered by patches |
|---|---|---|---|
MailPoet | Vulnerability in privilege checking | CORE, COVERAGE, COVERAGE+CLEAN | 2.x |
osCommerce | File Manager upload | CORE, COVERAGE, COVERAGE+CLEAN | 2.2 |
Plugin | Vulnerability / Fix | Bundle / Plan | Version(s) covered by patches |
|---|---|---|---|
WordPress Plugin: | Adding hashes to file path to avoid arbitrary file download. | COVERAGE, COVERAGE+CLEAN | 1.3.26 - 1.3.24 |
WordPress Plugin: | Unauthenticated user to modify WordPress options | COVERAGE, COVERAGE+CLEAN | 1.3.9 - 1.2.8 |
WordPress Plugin: | Added check if user can manage options to prevent privilege escalation | COVERAGE, COVERAGE+CLEAN | 1.8.2 - 1.6.6 |
WordPress Plugin: | Check added for add_site and read_site to avoid authentication bypass | COVERAGE, COVERAGE+CLEAN | 1.9.4.4 - 1.8.1 |
WordPress Plugin: | Added authorization check to AJAX actions Unauthenticated Stored Cross-Site Scripting / Authenticated Settings Modification, Configuration Disclosure, and User Data Export | COVERAGE, COVERAGE+CLEAN | 3.72 - 3.0.5
|
WordPress Plugin: | Added check if user can manage options to prevent privilege escalation | COVERAGE, COVERAGE+CLEAN | 1.6.1 - 1.3.4 |
WordPress Plugin: | Added checks in settings page to prevent authenticated remote code execution (RCE) Persistent XSS on cached page | CORE, COVERAGE, COVERAGE+CLEAN | 1.7.1 - 1.4.5
|
Drupal Module: | SA-CONTRIB-2016-039 | CORE, COVERAGE, COVERAGE+CLEAN | 7.x and 8.x |
Drupal Module: | SA-CONTRIB-2016-040 | CORE, COVERAGE, COVERAGE+CLEAN | 7.x |
Drupal Module: | SA-CONTRIB-2016-038 | CORE, COVERAGE, COVERAGE+CLEAN | 6.x and 7.x |
Library | Vulnerability / Fix | Bundle / Plan | Version(s) covered by patches |
|---|---|---|---|
Genericons | XSS in Genericons example file | CORE, COVERAGE, COVERAGE+CLEAN | WordPress 4.0.x and Genericons 3.1 |
PHPMailer | CVE-2020-36326 | CORE, COVERAGE, COVERAGE+CLEAN | 5.2.4 - 6.4.0 |
PhpUnit | Prevent remote code execution of Util/PHP/eval-stdin.php via HTTP POST data beginning with "<?php " substring | COVERAGE, COVERAGE+CLEAN | 8.5.0 - 2.2.0 |