Which applications does Patchman detect and fix?

If you want to be notified every time we add new patches and signatures, please see Can you notify me every time a new vulnerability patch is released?

Currently, Patchman has two types of definitions.

When a version is supported by patches, fixes are available for most security flaws in these applications. This means that vulnerabilities in these applications are automatically fixed.
When only detection support is available, Patchman is able to detect installed versions of this application, which allows you to notify your users of outdated applications.

Patch and detection support for various versions of the supported applications are listed below. If you think there is a vulnerability in one of these applications that Patchman does not patch, please check Why is vulnerability X not fixed by Patchman? for more information.

Application	Patches	Bundle / Plan (for patching)	Version detection (all plans)
WordPress	3.6 and later	Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN	all
Joomla	2.5 and later	Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN	all
Drupal	6.0 and later	Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN	all
Magento	1.9.2.0 and later	Patchman COVERAGE, Patchman COVERAGE+CLEAN	all
WooCommerce	2.1.0 and later	Patchman COVERAGE, Patchman COVERAGE+CLEAN	all
PrestaShop	1.6.0.1 and later	Patchman COVERAGE, Patchman COVERAGE+CLEAN	all
Booked			all
Coppermine			all
Dolibarr			all
Dotproject			all
Feng Office			all
FrontAccounting			all
Gallery			all
LifeType			all
LimeSurvey			all major releases (some plus versions)
LinPHA			all
LiveHelperChat			all
MailPoet	Specific, see below	Specific, see below	none
MediaWiki			all
MODX			all
Nextcloud			9.0.54 and later
NOCC			all
OpenBiblio			all
OpenCart			Version detection currently doesn’t work for OpenCart. We will publish a fix soon.
OrangeHRM			all
osCommerce	Specific, see below	Specific, see below	2.2 - 2.4
ownCloud			all
phpBB			all
phpESP			all
PHPFusion			all
phpList			all
phpMyChat			all
phpScheduleIt			all
PhpWiki			all
Pligg			all
SquirrelMail			all
TYPO3			all
vTiger			all
Wikiwig			all
XOOPS			all
YourLS			all
ZenPhoto			all

Plugins and libraries

A list of plugins fully supported by Patchman for patching and/or version detection is included below. If you are wondering why a specific plugin is not part of our coverage, please check Why is plugin X not patched by Patchman? for more information.

Plugin	Version(s)	Bundle / Plan (for patching)	Version detection (all plans)
WordPress Plugin: Advanced Editor Tools / TinyMCE	3.5.9 and later	COVERAGE, COVERAGE+CLEAN	all
WordPress Plugin: All in One SEO Pack	2.3.9.2 and later	COVERAGE, COVERAGE+CLEAN	all
WordPress Plugin: Contact Form 7	3.6 and later	COVERAGE, COVERAGE+CLEAN	all
WordPress Plugin: Duplicator	Specific, see below	Specific, see below	all
WordPress Plugin: GDPR Cookie Consent	Specific, see below	Specific, see below	all
WordPress Plugin: Google XML Sitemaps	4.0.8 and later	COVERAGE, COVERAGE+CLEAN	all
WordPress Plugin: InfiniteWP Client	Specific, see below	Specific, see below	all
WordPress Plugin: Jetpack	2.7 and later	COVERAGE, COVERAGE+CLEAN	all
WordPress Plugin: Popup Builder	Specific, see below	Specific, see below	all
WordPress Plugin: ThemeGrill Demo Importer	Specific, see below	Specific, see below	all
WordPress Plugin: WordPress Importer	0.6.2 and later	COVERAGE, COVERAGE+CLEAN	all
WordPress Plugin: Yoast SEO	1.6.1 and later	COVERAGE, COVERAGE+CLEAN	all
Joomla! Plugin: Akeeba Backup			all
Joomla! Plugin: Joomla Content Editor (JCE)			all

Library	Version(s)	Bundle / Plan (for patching)	Version detection (all plans)
PhpUnit	Specific, see below	Specific, see below	all

Specific (critical) vulnerabilities

Some select vulnerabilities patched in plugins due to their critical nature, but aren't covered by full patch support. A list of these can be found below:

Application	Vulnerability / Fix	Bundle / Plan	Version(s) covered by patches
MailPoet	Vulnerability in privilege checking	CORE, COVERAGE, COVERAGE+CLEAN	2.x
osCommerce	File Manager upload Script/basename Language Manager CSRF	CORE, COVERAGE, COVERAGE+CLEAN	2.2

Plugin	Vulnerability / Fix	Bundle / Plan	Version(s) covered by patches
WordPress Plugin: Duplicator	Adding hashes to file path to avoid arbitrary file download.	COVERAGE, COVERAGE+CLEAN	1.3.26 - 1.3.24
WordPress Plugin: Easy WP SMTP	Unauthenticated user to modify WordPress options	COVERAGE, COVERAGE+CLEAN	1.3.9 - 1.2.8
WordPress Plugin: GDPR Cookie Consent	Added check if user can manage options to prevent privilege escalation	COVERAGE, COVERAGE+CLEAN	1.8.2 - 1.6.6
WordPress Plugin: InfiniteWP Client	Check added for add_site and read_site to avoid authentication bypass	COVERAGE, COVERAGE+CLEAN	1.9.4.4 - 1.8.1
WordPress Plugin: Popup Builder	Added authorization check to AJAX actions Unauthenticated Stored Cross-Site Scripting / Authenticated Settings Modification, Configuration Disclosure, and User Data Export	COVERAGE, COVERAGE+CLEAN	3.72 - 3.0.5 3.63 - 3.0.5
WordPress Plugin: ThemeGrill Demo Importer	Added check if user can manage options to prevent privilege escalation	COVERAGE, COVERAGE+CLEAN	1.6.1 - 1.3.4
WordPress Plugin: WP Supercache	Added checks in settings page to prevent authenticated remote code execution (RCE) Persistent XSS on cached page	CORE, COVERAGE, COVERAGE+CLEAN	1.7.1 - 1.4.5 0.x, 1.0, 1.1, 1.2, 1.3.x and 1.4.x
Drupal Module: Coder	SA-CONTRIB-2016-039	CORE, COVERAGE, COVERAGE+CLEAN	7.x and 8.x
Drupal Module: RESTWS	SA-CONTRIB-2016-040	CORE, COVERAGE, COVERAGE+CLEAN	7.x
Drupal Module: Webform Multifile	SA-CONTRIB-2016-038	CORE, COVERAGE, COVERAGE+CLEAN	6.x and 7.x

Library	Vulnerability / Fix	Bundle / Plan	Version(s) covered by patches
Genericons	XSS in Genericons example file	CORE, COVERAGE, COVERAGE+CLEAN	WordPress 4.0.x and Genericons 3.1
PHPMailer	CVE-2020-36326 CVE-2018-19296 CVE-2016-10033 CVE-2016-10045	CORE, COVERAGE, COVERAGE+CLEAN	5.2.4 - 6.4.0 5.2.4 - 6.4.0 5.0.0 - 5.2.18 5.0.0 - 5.2.20
PhpUnit	Prevent remote code execution of Util/PHP/eval-stdin.php via HTTP POST data beginning with "<?php " substring	COVERAGE, COVERAGE+CLEAN	8.5.0 - 2.2.0