Which applications does Patchman scan and fix?

Currently, Patchman has two types of definitions. When a version is supported by patches, fixes are available for most security flaws in these applications. This means that vulnerabilities in these applications are automatically fixed.

When only detection support is available, Patchman is able to detect installed versions of this application, which allows you to notify your users of outdated applications.

Patch and detection support for the various versions of the supported applications is listed below:

| Application | Patches | Bundle / Plan | Detection |
|---|---|---|---|
| WordPress | 3.6 and later | Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| Joomla | 2.5 and later | Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| Drupal | 6.0 and later | Patchman CORE, Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| Magento | 1.9.2.0 and later | Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| WooCommerce | 2.1.0 and later | Patchman COVERAGE, Patchman COVERAGE+CLEAN | all |
| PrestaShop | 1.6.0.1 and later | Patchman COVERAGE, Patchman COVERAGE+CLEAN | none * |
| Booked | | | all |
| Coppermine | | | all |
| Dolibarr | | | all |
| Dotproject | | | all |
| Feng Office | | | all |
| FrontAccounting | | | all |
| Gallery | | | all |
| LifeType | | | all |
| LimeSurvey | | | all major releases (some plus versions) |
| LinPHA | | | all |
| LiveHelperChat | | | all |
| MailPoet | | | all |
| MediaWiki | | | all |
| MODX | | | all |
| Nextcloud | | | 9.0.54 and later |
| NOCC | | | all |
| OpenBiblio | | | all |
| OpenCart | | | all |
| OrangeHRM | | | all |
| ownCloud | | | all |
| phpBB | | | all |
| phpESP | | | all |
| PHPFusion | | | all |
| phpList | | | all |
| phpMyChat | | | all |
| phpScheduleIt | | | all |
| PhpWiki | | | all |
| Pligg | | | all |
| SquirrelMail | | | all |
| TYPO3 | | | all |
| vTiger | | | all |
| Wikiwig | | | all |
| XOOPS | | | all |
| YourLS | | | all |
| ZenPhoto | | | all |

Plugins
The following plugins are fully supported by Patchman:

| Plugin | Version(s) | Bundle / Plan |
|---|---|---|
| all-in-one-seo-pack | 2.3.9.2 and later | COVERAGE, COVERAGE+CLEAN |
| contact-form-7 | 3.6 and later | COVERAGE, COVERAGE+CLEAN |
| google-sitemap-generator | 4.0.8 and later | COVERAGE, COVERAGE+CLEAN |
| jetpack | 2.7 and later | COVERAGE, COVERAGE+CLEAN |
| tinymce-advanced | 3.5.9 and later | COVERAGE, COVERAGE+CLEAN |
| wordpress-importer | 0.6.2 and later | COVERAGE, COVERAGE+CLEAN |
| wordpress-seo | 1.6.1 and later | COVERAGE, COVERAGE+CLEAN |


Specific (critical) vulnerabilities

Some select vulnerabilities in plugins are patched because of their critical nature, even though these plugins aren't covered by full patch support. A list of these can be found below:

| Application / Plugin | Vulnerability / Fix | Version(s) covered by patches |
|---|---|---|
| Popup Builder | Unauthenticated Stored Cross-Site Scripting / Authenticated Settings Modification, Configuration Disclosure, and User Data Export | 3.63 - 3.0.5 |
| ThemeGrill Demo Importer | Added check if user can manage options to prevent privilege escalation | 1.6.1 - 1.3.4 |
| PhpUnit | Prevent remote code execution of Util/PHP/eval-stdin.php via HTTP POST data beginning with "<?php " substring | 8.5.0 - 2.2.0 |
| GDPR Cookie Consent | Added check if user can manage options to prevent privilege escalation | 1.8.2 - 1.6.6 |
| Easy WP SMTP | Unauthenticated user to modify WordPress options | 1.3.9 - 1.2.8 |
| InfiniteWP Client | Check added for add_site and read_site to avoid authentication bypass | 1.9.4.4 - 1.8.1 |
| Duplicator | Adding hashes to file path to avoid arbitrary file download. | 1.3.26 - 1.3.24 |
| Drupal Module: Coder | SA-CONTRIB-2016-039 | 7.x and 8.x |
| Drupal Module: RESTWS | SA-CONTRIB-2016-040 | 7.x |
| Drupal Module: Webform Multifile | SA-CONTRIB-2016-038 | 6.x and 7.x |
| Genericons | XSS in Genericons example file | WordPress 4.0.x and Genericons 3.1 |
| MailPoet | Vulnerability in privilege checking | 2.x |
| osCommerce | File Manager upload; Script/basename; Language Manager CSRF | 2.2 |
| PHPMailer | CVE-2016-10033; CVE-2016-10045 | 5.0.0 - 5.2.18; 5.0.0 - 5.2.20 |
| WP Supercache | Persistent XSS on cached page | 0.x, 1.0, 1.1, 1.2, 1.3.x and 1.4.x |

Please note that we are always continuing to expand the coverage of Patchman.

* Version detection for PrestaShop is currently unavailable pending changes in the detection mechanism. Vulnerability patching functionality is unaffected.
