We Did a Full Security Audit — Here's What We Found and Fixed
Category: Product Updates
We ran a comprehensive security review of 24HRPR and fixed every vulnerability we found. Here's a plain-language summary of what we addressed.
We believe the companies that use 24HRPR to manage their public communications deserve a platform they can trust. This spring, we ran a comprehensive security audit of the entire platform and fixed every issue we found.
What We Reviewed
The audit covered the full application: user authentication, data access controls, how content is stored and displayed, how the server interacts with external services, and how billing data is handled. We looked at it from the perspective of an attacker trying to access data or functionality they shouldn't have.
Access Control Fixes
We found and resolved a set of broken access control vulnerabilities, places where a determined user could potentially access resources that belonged to someone else. These have been corrected. Every resource in the platform now enforces proper ownership checks.
Content Security Improvements
Public-facing content, including press releases published to newsrooms, now goes through additional sanitization to prevent cross-site scripting (XSS) attacks. Content that users publish is safe for anyone who views it.
Server-Side Request Forgery Protections
The platform allows users to submit URLs for scraping and document processing. We added protections to ensure those requests can only reach legitimate external destinations, not internal network resources or sensitive endpoints.
What This Means for You
Your press release content, your journalist contacts, your billing information, and your connected email accounts are protected. We'll continue running periodic security reviews to maintain the same standard going forward.
Security is not a one-time project. We're committed to keeping 24HRPR a platform you can rely on. Try it at 24hrpr.com.