We Did a Full Security Audit — Here's What We Found and Fixed

Category: Product Updates

We ran a comprehensive security review of 24HRPR and fixed every vulnerability we found. Here's a plain-language summary of what we addressed.

We believe the companies that use 24HRPR to manage their public communications deserve a platform they can trust. This spring, we ran a comprehensive security audit of the entire platform and fixed every issue we found.

What We Reviewed

The audit covered the full application: user authentication, data access controls, how content is stored and displayed, how the server interacts with external services, and how billing data is handled. We looked at it from the perspective of an attacker trying to access data or functionality they shouldn't have.

Access Control Fixes

We found and resolved a set of broken access control vulnerabilities, places where a determined user could potentially access resources that belonged to someone else. These have been corrected. Every resource in the platform now enforces proper ownership checks.

Content Security Improvements

Public-facing content, including press releases published to newsrooms, now goes through additional sanitization to prevent cross-site scripting (XSS) attacks. Content that users publish is safe for anyone who views it.

Server-Side Request Forgery Protections

The platform allows users to submit URLs for scraping and document processing. We added protections to ensure those requests can only reach legitimate external destinations, not internal network resources or sensitive endpoints.

What This Means for You

Your press release content, your journalist contacts, your billing information, and your connected email accounts are protected. We'll continue running periodic security reviews to maintain the same standard going forward.

Security is not a one-time project. We're committed to keeping 24HRPR a platform you can rely on. Try it at 24hrpr.com.