Companion Auto Update

Vulnerabilities 6Slug companion-auto-updateLatest version 3.9.4WordPress.org →

Minimum safe version

3.9.3

Update to 3.9.3 or later to address 6 fixable vulnerabilities

Latest available3.9.4
Medium 5.5
2025-07-15< 3.9.3

WordPress Companion Auto Update Plugin <= 3.9.2 is vulnerable to Cross Site Scripting (XSS)

EUVDPatchstackWordfenceCVE
N/A
2019-01-14< 3.3.6

Companion Auto Update <= 3.3.5 - Authenticated (Admin+) SQL Injection

Wordfence
N/A
< 3.3.6

Companion Auto Update &lt;= 3.3.5 - Authenticated SQL Injection

WPScan
N/A
2017-06-01< 2.9.4

WordPress Companion Auto Update plugin <=2.9.3 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities

Patchstack
Critical 9.8
2019-08-16< 3.2.1

CVE-2018-20973

CVEWordfence