If you want to be notified every time we add new patches and signatures, please see "Can you notify me every time a new vulnerability patch is released?"

Currently, Patchman has two types of definitions.

  • When a version is supported by patches, fixes are available for most security flaws in these applications. This means that vulnerabilities in these applications are automatically fixed.

  • When only detection support is available, Patchman is able to detect installed versions of this application, which allows you to notify your users of outdated applications.

Patch and detection support for various versions of the supported applications is listed below. If you think there is a vulnerability in one of these applications that Patchman does not patch, please check "Why is vulnerability X not fixed by Patchman?" for more information.

| Application | Patches | Bundle / Plan (for patching) | Version detection (all plans) |
| --- | --- | --- | --- |
| WordPress | 3.6 and later | Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| Joomla | 2.5 and later | Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| Drupal | 6.0 and later | Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| Magento | 1.9.2.0 and later | Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| WooCommerce | 2.1.0 and later | Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| PrestaShop | 1.6.0.1 and later | Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| Booked | | | all |
| Coppermine | | | all |
| Dolibarr | | | all |
| Dotproject | | | all |
| Feng Office | | | all |
| FrontAccounting | | | all |
| Gallery | | | all |
| LifeType | | | all |
| LimeSurvey | | | all major releases (some plus versions) |
| LinPHA | | | all |
| LiveHelperChat | | | all |
| MailPoet | Specific, see below | Specific, see below | none |
| MediaWiki | | | all |
| MODX | | | all |
| Nextcloud | | | 9.0.54 and later |
| NOCC | | | all |
| OpenBiblio | | | all |
| OpenCart | | | all |
| OrangeHRM | | | all |
| osCommerce | Specific, see below | Specific, see below | 2.2 - 2.4 |
| ownCloud | | | all |
| phpBB | | | all |
| phpESP | | | all |
| PHPFusion | | | all |
| phpList | | | all |
| phpMyChat | | | all |
| phpScheduleIt | | | all |
| PhpWiki | | | all |
| Pligg | | | all |
| SquirrelMail | | | all |
| TYPO3 | | | all |
| vTiger | | | all |
| Wikiwig | | | all |
| XOOPS | | | all |
| YourLS | | | all |
| ZenPhoto | | | all |


Plugins and libraries

A list of plugins fully supported by Patchman for patching and/or version detection is included below. If you are wondering why a specific plugin is not part of our coverage, please check "Why is plugin X not patched by Patchman?" for more information.

| Plugin | Version(s) | Bundle / Plan (for patching) | Version detection (all plans) |
| --- | --- | --- | --- |
| WordPress Plugin: Advanced Editor Tools / TinyMCE | 3.5.9 and later | COVERAGE, COVERAGE+CLEAN | all |
| WordPress Plugin: All in One SEO Pack | 2.3.9.2 and later | COVERAGE, COVERAGE+CLEAN | all |
| WordPress Plugin: Contact Form 7 | 3.6 and later | COVERAGE, COVERAGE+CLEAN | all |
| WordPress Plugin: Duplicator | Specific, see below | Specific, see below | all |
| WordPress Plugin: GDPR Cookie Consent | Specific, see below | Specific, see below | all |
| WordPress Plugin: Google XML Sitemaps | 4.0.8 and later | COVERAGE, COVERAGE+CLEAN | all |
| WordPress Plugin: InfiniteWP Client | Specific, see below | Specific, see below | all |
| WordPress Plugin: Jetpack | 2.7 and later | COVERAGE, COVERAGE+CLEAN | all |
| WordPress Plugin: Popup Builder | Specific, see below | Specific, see below | all |
| WordPress Plugin: ThemeGrill Demo Importer | Specific, see below | Specific, see below | all |
| WordPress Plugin: WordPress Importer | 0.6.2 and later | COVERAGE, COVERAGE+CLEAN | all |
| WordPress Plugin: Yoast SEO | 1.6.1 and later | COVERAGE, COVERAGE+CLEAN | all |
| Joomla! Plugin: Akeeba Backup | | | all |
| Joomla! Plugin: Joomla Content Editor (JCE) | | | all |

| Library | Version(s) | Bundle / Plan (for patching) | Version detection (all plans) |
| --- | --- | --- | --- |
| PhpUnit | Specific, see below | Specific, see below | all |

Specific (critical) vulnerabilities

Some select vulnerabilities are patched in plugins due to their critical nature, but these plugins aren't covered by full patch support. A list of these can be found below:

| Application | Vulnerability / Fix | Bundle / Plan | Version(s) covered by patches |
| --- | --- | --- | --- |
| MailPoet | Vulnerability in privilege checking | CORE, COVERAGE, COVERAGE+CLEAN | 2.x |
| osCommerce | File Manager upload; Script/basename; Language Manager CSRF | CORE, COVERAGE, COVERAGE+CLEAN | 2.2 |

| Plugin | Vulnerability / Fix | Bundle / Plan | Version(s) covered by patches |
| --- | --- | --- | --- |
| WordPress Plugin: Duplicator | Adding hashes to file path to avoid arbitrary file download. | COVERAGE, COVERAGE+CLEAN | 1.3.26 - 1.3.24 |
| WordPress Plugin: Easy WP SMTP | Unauthenticated user to modify WordPress options | COVERAGE, COVERAGE+CLEAN | 1.3.9 - 1.2.8 |
| WordPress Plugin: GDPR Cookie Consent | Added check if user can manage options to prevent privilege escalation | COVERAGE, COVERAGE+CLEAN | 1.8.2 - 1.6.6 |
| WordPress Plugin: InfiniteWP Client | Check added for add_site and read_site to avoid authentication bypass | COVERAGE, COVERAGE+CLEAN | 1.9.4.4 - 1.8.1 |
| WordPress Plugin: Popup Builder | Added authorization check to AJAX actions; Unauthenticated Stored Cross-Site Scripting / Authenticated Settings Modification, Configuration Disclosure, and User Data Export | COVERAGE, COVERAGE+CLEAN | 3.72 - 3.0.5; 3.63 - 3.0.5 |
| WordPress Plugin: ThemeGrill Demo Importer | Added check if user can manage options to prevent privilege escalation | COVERAGE, COVERAGE+CLEAN | 1.6.1 - 1.3.4 |
| WordPress Plugin: WP Supercache | Added checks in settings page to prevent authenticated remote code execution (RCE); Persistent XSS on cached page | CORE, COVERAGE, COVERAGE+CLEAN | 1.7.1 - 1.4.5; 0.x, 1.0, 1.1, 1.2, 1.3.x and 1.4.x |
| Drupal Module: Coder | SA-CONTRIB-2016-039 | CORE, COVERAGE, COVERAGE+CLEAN | 7.x and 8.x |
| Drupal Module: RESTWS | SA-CONTRIB-2016-040 | CORE, COVERAGE, COVERAGE+CLEAN | 7.x |
| Drupal Module: Webform Multifile | SA-CONTRIB-2016-038 | CORE, COVERAGE, COVERAGE+CLEAN | 6.x and 7.x |

| Library | Vulnerability / Fix | Bundle / Plan | Version(s) covered by patches |
| --- | --- | --- | --- |
| Genericons | XSS in Genericons example file | CORE, COVERAGE, COVERAGE+CLEAN | WordPress 4.0.x and Genericons 3.1 |
| PHPMailer | CVE-2016-10033; CVE-2016-10045 | CORE, COVERAGE, COVERAGE+CLEAN | 5.0.0 - 5.2.18; 5.0.0 - 5.2.20 |
| PhpUnit | Prevent remote code execution of Util/PHP/eval-stdin.php via HTTP POST data beginning with "<?php " substring | COVERAGE, COVERAGE+CLEAN | 8.5.0 - 2.2.0 |