PrestaShop — Vulnerabilities & Security Advisories 55

All 55 CVE vulnerabilities found in PrestaShop, with AI-generated Chinese analysis, references, and POCs.

Vendor: PrestaShop

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2026-33674 | PrestaShop: Improper Use of Validation Framework | CWE-1173 | 2.0 | Low | 2026-03-26 |
| CVE-2026-33673 | PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables | CWE-79 | 7.7 | High | 2026-03-26 |
| CVE-2026-25597 | PrestaShop has a time based enumeration in FO login form | CWE-208 | 5.3 | Medium | 2026-02-06 |
| CVE-2025-1230 | Cross-Site Scripting (XSS) vulnerability in Prestashop | CWE-79 | 4.8 | Medium | 2025-02-12 |
| CVE-2024-34717 | Anonymous PrestaShop customer can download other customers' invoices | CWE-200 | 5.3 | Medium | 2024-05-14 |
| CVE-2024-34716 | PrestaShop vulnerable to XSS via customer contact form in FO, through file upload | CWE-79 | 9.7 | Critical | 2024-05-14 |
| CVE-2024-26129 | Prestashop vulnerable to path disclosure in JavaScript variable | CWE-22 | 5.8 | Medium | 2024-02-19 |
| CVE-2024-21628 | XSS can be stored in DB from "add a message form" in order detail page (FO) | CWE-79 | 5.4 | Medium | 2024-01-02 |
| CVE-2024-21627 | Some attribute not escaped in Validate::isCleanHTML method | CWE-79 | 8.1 | High | 2024-01-02 |
| CVE-2023-43664 | Employee without any access rights can list all installed modules in Prestashop | CWE-269 | 4.3 | Medium | 2023-09-28 |
| CVE-2023-43663 | Improper Privilege Management in Prestashop | CWE-269 | 6.3 | Medium | 2023-09-28 |
| CVE-2023-39530 | PrestaShop vulnerable to file deletion via CustomerMessage | CWE-20 | 6.5 | Medium | 2023-08-07 |
| CVE-2023-39529 | PrestaShop vulnerable to file deletion via attachment API | CWE-20 | 6.7 | Medium | 2023-08-07 |
| CVE-2023-39528 | PrestaShop vulnerable to file reading through path traversal | CWE-22 | 6.8 | Medium | 2023-08-07 |
| CVE-2023-39527 | PrestaShop XSS vulnerability through Validate::isCleanHTML method | CWE-79 | 8.3 | High | 2023-08-07 |
| CVE-2023-39526 | PrestaShop SQL manager vulnerability (potential RCE) | CWE-89 | 9.1 | Critical | 2023-08-07 |
| CVE-2023-39525 | PrestaShop vulnerable to path traversal | CWE-22 | 6.5 | Medium | 2023-08-07 |
| CVE-2023-39524 | PrestaShop vulnerable to boolean SQL injection in search product in BO | CWE-89 | 6.7 | Medium | 2023-08-07 |
| CVE-2023-30839 | PrestaShop vulnerable to SQL filter bypass leading to arbitrary write requests using "SQL Manager" | CWE-89 | 10.0 | Critical | 2023-04-25 |
| CVE-2023-30838 | PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method | CWE-79 | 8.6 | High | 2023-04-25 |
| CVE-2023-30545 | PrestaShop arbitrary file read vulnerability | CWE-89 | 7.7 | High | 2023-04-25 |
| CVE-2023-25170 | PrestaShop has possible CSRF token fixation | CWE-352 | 5.0 | Medium | 2023-03-13 |
| CVE-2022-46158 | Potential Information exposure in the upload directory in PrestaShop | CWE-200 | 5.3 | Medium | 2022-12-08 |
| CVE-2022-31181 | Remote code execution in prestashop | CWE-89 | 9.8 | Critical | 2022-08-01 |
| CVE-2022-21686 | Server Side Twig Template Injection in PrestaShop | CWE-94 | 9.0 | Critical | 2022-01-26 |
| CVE-2021-43789 | Blind SQLi using Search filters in PrestaShop | CWE-89 | 7.5 | High | 2021-12-07 |
| CVE-2021-21398 | Possible XSS injection through DataColumn Grid class | CWE-79 | 5.4 | Medium | 2021-03-30 |
| CVE-2021-21308 | Improper session management for soft logout | CWE-287 | 6.1 | Medium | 2021-02-26 |
| CVE-2021-21302 | CSV Injection via csv export | CWE-78 | 6.8 | Medium | 2021-02-26 |
| CVE-2020-26224 | Improper Access Control in PrestaShop | CWE-284 | 7.5 | High | 2020-11-16 |

All 55 known CVE vulnerabilities affecting PrestaShop with full Chinese analysis, references, and POCs where available.