If you want to be notified every time we add new patches and signatures, please see "Can you notify me every time a new vulnerability patch is released?"

Currently, Patchman has two types of definitions. When a version is supported by patches, fixes are available for most security flaws in these applications. This means that vulnerabilities in these applications are automatically fixed.

When only detection support is available, Patchman is able to detect installed versions of this application, which allows you to notify your users of outdated applications.

Patch and detection support for various versions of the supported applications is listed below. If you think there is a vulnerability in one of these applications that Patchman does not patch, please check "Why is vulnerability X not fixed by Patchman?" for more information.

| Application | Patches | Bundle / Plan | Detection |
|---|---|---|---|
| WordPress | 3.6 and later | Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| Joomla | 2.5 and later | Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| Drupal | 6.0 and later | Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| Magento | 1.9.2.0 and later | Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| WooCommerce | 2.1.0 and later | Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| PrestaShop | 1.6.0.1 and later | Patchman COVERAGE, Patchman COVERAGE+CLEAN | Version detection for PrestaShop is currently unavailable pending changes in the detection mechanism. Vulnerability patching functionality is unaffected. |
| Booked | | | all |
| Coppermine | | | all |
| Dolibarr | | | all |
| Dotproject | | | all |
| Feng Office | | | all |
| FrontAccounting | | | all |
| Gallery | | | all |
| LifeType | | | all |
| LimeSurvey | | | all major releases (some plus versions) |
| LinPHA | | | all |
| LiveHelperChat | | | all |
| MailPoet | | | all |
| MediaWiki | | | all |
| MODX | | | all |
| Nextcloud | | | 9.0.54 and later |
| NOCC | | | all |
| OpenBiblio | | | all |
| OpenCart | | | all |
| OrangeHRM | | | all |
| ownCloud | | | all |
| phpBB | | | all |
| phpESP | | | all |
| PHPFusion | | | all |
| phpList | | | all |
| phpMyChat | | | all |
| phpScheduleIt | | | all |
| PhpWiki | | | all |
| Pligg | | | all |
| SquirrelMail | | | all |
| TYPO3 | | | all |
| vTiger | | | all |
| Wikiwig | | | all |
| XOOPS | | | all |
| YourLS | | | all |
| ZenPhoto | | | all |

Plugins
A list of plugins fully supported by Patchman is included below. If you are wondering why a specific plugin is not part of our coverage, please check "Why is plugin X not patched by Patchman?" for more information.

| Plugin | Version(s) | Bundle / Plan |
|---|---|---|
| all-in-one-seo-pack | 2.3.9.2 and later | COVERAGE, COVERAGE+CLEAN |
| contact-form-7 | 3.6 and later | COVERAGE, COVERAGE+CLEAN |
| google-sitemap-generator | 4.0.8 and later | COVERAGE, COVERAGE+CLEAN |
| jetpack | 2.7 and later | COVERAGE, COVERAGE+CLEAN |
| tinymce-advanced | 3.5.9 and later | COVERAGE, COVERAGE+CLEAN |
| wordpress-importer | 0.6.2 and later | COVERAGE, COVERAGE+CLEAN |
| wordpress-seo | 1.6.1 and later | COVERAGE, COVERAGE+CLEAN |


Specific (critical) vulnerabilities
Select vulnerabilities in plugins are patched because of their critical nature, even though these plugins aren't covered by full patch support. A list of these can be found below:

| Application / Plugin | Vulnerability / Fix | Bundle / Plan | Version(s) covered by patches |
|---|---|---|---|
| Popup Builder | Unauthenticated Stored Cross-Site Scripting / Authenticated Settings Modification, Configuration Disclosure, and User Data Export | COVERAGE, COVERAGE+CLEAN | 3.63 - 3.0.5 |
| ThemeGrill Demo Importer | Added check if user can manage options to prevent privilege escalation | COVERAGE, COVERAGE+CLEAN | 1.6.1 - 1.3.4 |
| PhpUnit | Prevent remote code execution of Util/PHP/eval-stdin.php via HTTP POST data beginning with "<?php " substring | COVERAGE, COVERAGE+CLEAN | 8.5.0 - 2.2.0 |
| GDPR Cookie Consent | Added check if user can manage options to prevent privilege escalation | COVERAGE, COVERAGE+CLEAN | 1.8.2 - 1.6.6 |
| Easy WP SMTP | Unauthenticated user to modify WordPress options | COVERAGE, COVERAGE+CLEAN | 1.3.9 - 1.2.8 |
| InfiniteWP Client | Check added for add_site and read_site to avoid authentication bypass | COVERAGE, COVERAGE+CLEAN | 1.9.4.4 - 1.8.1 |
| Duplicator | Adding hashes to file path to avoid arbitrary file download. | COVERAGE, COVERAGE+CLEAN | 1.3.26 - 1.3.24 |
| Drupal Module: Coder | SA-CONTRIB-2016-039 | CORE, COVERAGE, COVERAGE+CLEAN | 7.x and 8.x |
| Drupal Module: RESTWS | SA-CONTRIB-2016-040 | CORE, COVERAGE, COVERAGE+CLEAN | 7.x |
| Drupal Module: Webform Multifile | SA-CONTRIB-2016-038 | CORE, COVERAGE, COVERAGE+CLEAN | 6.x and 7.x |
| Genericons | XSS in Genericons example file | CORE, COVERAGE, COVERAGE+CLEAN | WordPress 4.0.x and Genericons 3.1 |
| MailPoet | Vulnerability in privilege checking | CORE, COVERAGE, COVERAGE+CLEAN | 2.x |
| osCommerce | File Manager upload; Script/basename; Language Manager CSRF | CORE, COVERAGE, COVERAGE+CLEAN | 2.2 |
| PHPMailer | CVE-2016-10033; CVE-2016-10045 | CORE, COVERAGE, COVERAGE+CLEAN | 5.0.0 - 5.2.18; 5.0.0 - 5.2.20 |
| WP Supercache | Persistent XSS on cached page | CORE, COVERAGE, COVERAGE+CLEAN | 0.x, 1.0, 1.1, 1.2, 1.3.x and 1.4.x |

Please note that we are always continuing to expand the coverage of Patchman.