
PrestaShop — Vulnerabilities & Security Advisories 71

Browse all 71 CVE security advisories affecting PrestaShop. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33674 | PrestaShop: Improper Use of Validation Framework | PrestaShop | CWE-1173 | 2.0 | Low | 2026-03-26 |
| CVE-2026-33673 | PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables | PrestaShop | CWE-79 | 7.7 | High | 2026-03-26 |
| CVE-2026-25597 | PrestaShop has a time based enumeration in FO login form | PrestaShop | CWE-208 | 5.3 | Medium | 2026-02-06 |
| CVE-2025-1230 | Cross-Site Scripting (XSS) vulnerability in Prestashop | Prestashop | CWE-79 | 4.8 | Medium | 2025-02-12 |
| CVE-2025-24027 | ps_contactinfo has potential XSS due to usage of the nofilter tag in template | ps_contactinfo | CWE-79 | 6.2 | Medium | 2025-01-22 |
| CVE-2024-34717 | Anonymous PrestaShop customer can download other customers' invoices | PrestaShop | CWE-200 | 5.3 | Medium | 2024-05-14 |
| CVE-2024-34716 | PrestaShop vulnerable to XSS via customer contact form in FO, through file upload | PrestaShop | CWE-79 | 9.7 | Critical | 2024-05-14 |
| CVE-2024-26129 | Prestashop vulnerable to path disclosure in JavaScript variable | PrestaShop | CWE-22 | 5.8 | Medium | 2024-02-19 |
| CVE-2024-21628 | XSS can be stored in DB from "add a message form" in order detail page (FO) | PrestaShop | CWE-79 | 5.4 | Medium | 2024-01-02 |
| CVE-2024-21627 | Some attribute not escaped in Validate::isCleanHTML method | PrestaShop | CWE-79 | 8.1 | High | 2024-01-02 |
| CVE-2023-47110 | Any value can be changed in the configuration table by an employee having access to block reassurance module | blockreassurance | CWE-284 | 9.1 | Critical | 2023-11-09 |
| CVE-2023-47109 | PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block | blockreassurance | CWE-285 | 5.5 | Medium | 2023-11-08 |
| CVE-2023-43664 | Employee without any access rights can list all installed modules in Prestashop | PrestaShop | CWE-269 | 4.3 | Medium | 2023-09-28 |
| CVE-2023-43663 | Improper Privilege Management in Prestashop | PrestaShop | CWE-269 | 6.3 | Medium | 2023-09-28 |
| CVE-2022-45448 | Cross-site Scripting in M4 PDF plugin for Prestashop sites | M4 PDF plugin | CWE-79 | 3.5 | Low | 2023-09-20 |
| CVE-2022-45447 | Path Traversal in M4 PDF plugin for Prestashop sites | M4 PDF plugin | CWE-22 | 6.5 | Medium | 2023-09-20 |
| CVE-2023-39530 | PrestaShop vulnerable to file deletion via CustomerMessage | PrestaShop | CWE-20 | 6.5 | Medium | 2023-08-07 |
| CVE-2023-39529 | PrestaShop vulnerable to file deletion via attachment API | PrestaShop | CWE-20 | 6.7 | Medium | 2023-08-07 |
| CVE-2023-39528 | PrestaShop vulnerable to file reading through path traversal | PrestaShop | CWE-22 | 6.8 | Medium | 2023-08-07 |
| CVE-2023-39527 | PrestaShop XSS vulnerability through Validate::isCleanHTML method | PrestaShop | CWE-79 | 8.3 | High | 2023-08-07 |
| CVE-2023-39526 | PrestaShop SQL manager vulnerability (potential RCE) | PrestaShop | CWE-89 | 9.1 | Critical | 2023-08-07 |
| CVE-2023-39525 | PrestaShop vulnerable to path traversal | PrestaShop | CWE-22 | 6.5 | Medium | 2023-08-07 |
| CVE-2023-39524 | PrestaShop vulnerable to boolean SQL injection in search product in BO | PrestaShop | CWE-89 | 6.7 | Medium | 2023-08-07 |
| CVE-2023-30839 | PrestaShop vulnerable to SQL filter bypass leading to arbitrary write requests using "SQL Manager" | PrestaShop | CWE-89 | 10.0 | Critical | 2023-04-25 |
| CVE-2023-30838 | PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method | PrestaShop | CWE-79 | 8.6 | High | 2023-04-25 |
| CVE-2023-30545 | PrestaShop arbitrary file read vulnerability | PrestaShop | CWE-89 | 7.7 | High | 2023-04-25 |
| CVE-2023-25170 | PrestaShop has possible CSRF token fixation | PrestaShop | CWE-352 | 5.0 | Medium | 2023-03-13 |
| CVE-2022-46158 | Potential Information exposure in the upload directory in PrestaShop | PrestaShop | CWE-200 | 5.3 | Medium | 2022-12-08 |
| CVE-2022-35933 | PrestaShop module Product Comments vulnerable to cross-site scripting (XSS) | productcomments | CWE-79 | 7.2 | - | 2022-09-02 |
| CVE-2022-31181 | Remote code execution in prestashop | PrestaShop | CWE-89 | 9.8 | Critical | 2022-08-01 |

This page lists every published CVE security advisory associated with PrestaShop. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.