| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33674 | PrestaShop: Improper Use of Validation Framework | PrestaShop | PrestaShop | Low | 2.0 | 2026-03-26 21:42:34 | Deep Dive |
| CVE-2026-33673 | PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables | PrestaShop | PrestaShop | High | 7.6 | 2026-03-26 21:41:13 | Deep Dive |
| CVE-2026-25597 | PrestaShop has a time based enumeration in FO login form | PrestaShop | PrestaShop | Medium | 5.3 | 2026-02-06 20:47:25 | Deep Dive |
| CVE-2025-62945 | WordPress Did Prestashop Display plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) vulnerability | Eduard Pinuaga Linares | Did Prestashop Display | High | 7.1 | 2025-10-27 01:34:07 | Deep Dive |
| CVE-2025-1230 | Cross-Site Scripting (XSS) vulnerability in Prestashop | Prestashop | Prestashop | Medium | 4.8 | 2025-02-12 10:38:08 | Deep Dive |
| CVE-2025-24027 | ps_contactinfo has potential XSS due to usage of the nofilter tag in template | PrestaShop | ps_contactinfo | Medium | 6.2 | 2025-01-22 14:26:43 | Deep Dive |
| CVE-2024-34717 | Anonymous PrestaShop customer can download other customers' invoices | PrestaShop | PrestaShop | Medium | 5.3 | 2024-05-14 15:47:27 | Deep Dive |
| CVE-2024-34716 | PrestaShop vulnerable to XSS via customer contact form in FO, through file upload | PrestaShop | PrestaShop | Critical | 9.6 | 2024-05-14 15:45:45 | Deep Dive |
| CVE-2024-30511 | WordPress FG PrestaShop to WooCommerce plugin <= 4.45.1 - Sensitive Data Exposure via Log File vulnerability | Frédéric GILLES | FG PrestaShop to WooCommerce | Medium | 5.3 | 2024-03-29 15:42:44 | Deep Dive |
| CVE-2024-24837 | Cross-Site Request Forgery (CSRF) vulnerability in FG PrestaShop, FG Drupal and FG Joomla WordPress plugins | Frédéric GILLES | FG PrestaShop to WooCommerce | Medium | 4.3 | 2024-02-21 07:18:55 | Deep Dive |
| CVE-2024-26129 | Prestashop vulnerable to path disclosure in JavaScript variable | PrestaShop | PrestaShop | Medium | 5.8 | 2024-02-19 21:59:54 | Deep Dive |
| CVE-2023-6921 | SQL Injection in PrestaShop Google Integrator | PrestaShow | PrestaShop Google Integrator | Critical | 9.8 | 2024-01-08 11:34:20 | Deep Dive |
| CVE-2024-21628 | XSS can be stored in DB from "add a message form" in order detail page (FO) | PrestaShop | PrestaShop | Medium | 5.4 | 2024-01-02 21:17:15 | Deep Dive |
| CVE-2024-21627 | Some attribute not escaped in Validate::isCleanHTML method | PrestaShop | PrestaShop | High | 8.1 | 2024-01-02 21:03:18 | Deep Dive |
| CVE-2023-47110 | Any value can be changed in the configuration table by an employee having access to block reassurance module | PrestaShop | blockreassurance | Critical | 9.1 | 2023-11-09 15:24:15 | Deep Dive |
| CVE-2023-47109 | PrestaShop blockreassurance BO User can remove any file from server when adding and deleting a block | PrestaShop | blockreassurance | Medium | 5.5 | 2023-11-08 21:37:54 | Deep Dive |
| CVE-2023-43664 | Employee without any access rights can list all installed modules in Prestashop | PrestaShop | PrestaShop | Medium | 4.3 | 2023-09-28 18:16:58 | Deep Dive |
| CVE-2023-43663 | Improper Privilege Management in Prestashop | PrestaShop | PrestaShop | Medium | 6.3 | 2023-09-28 18:13:49 | Deep Dive |
| CVE-2022-45448 | Cross-site Scripting in M4 PDF plugin for Prestashop sites | Prestashop | M4 PDF plugin | Low | 3.5 | 2023-09-20 12:14:58 | Deep Dive |
| CVE-2022-45447 | Path Traversal in M4 PDF plugin for Prestashop sites | Prestashop | M4 PDF plugin | Medium | 6.5 | 2023-09-20 09:30:09 | Deep Dive |