PrestaShop — Vulnerabilities & Security Advisories (71)

Browse all 71 CVE security advisories affecting PrestaShop. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PrestaShop is an open-source e-commerce platform designed for merchants to create and manage online stores. With 71 recorded Common Vulnerabilities and Exposures (CVEs), the software has historically been susceptible to critical security flaws, particularly remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities. These issues often stem from insufficient input validation and improper access controls within its core modules and third-party extensions. Notable incidents include several high-severity RCE exploits that allowed attackers to gain full server control, highlighting risks associated with outdated installations and unpatched third-party plugins. The platform’s modular architecture, while flexible, frequently introduces attack surfaces through poorly secured add-ons. Security advisories emphasize the necessity of regular updates and strict adherence to hardening guidelines to mitigate these persistent threats in production environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-31101 | SQL Injection in prestashop/blockwishlist | blockwishlist | CWE-89 | 8.1 | High | 2022-06-27 |
| CVE-2022-21686 | Server Side Twig Template Injection in PrestaShop | PrestaShop | CWE-94 | 9.0 | Critical | 2022-01-26 |
| CVE-2021-43789 | Blind SQLi using Search filters in PrestaShop | PrestaShop | CWE-89 | 7.5 | High | 2021-12-07 |
| CVE-2021-21418 | Potential XSS injection in the newsletter conditions field | ps_emailsubscription | CWE-79 | 4.6 | Medium | 2021-03-31 |
| CVE-2021-21398 | Possible XSS injection through DataColumn Grid class | PrestaShop | CWE-79 | 5.4 | Medium | 2021-03-30 |
| CVE-2021-21308 | Improper session management for soft logout | PrestaShop | CWE-287 | 6.1 | Medium | 2021-02-26 |
| CVE-2021-21302 | CSV Injection via csv export | PrestaShop | CWE-78 | 6.8 | Medium | 2021-02-26 |
| CVE-2020-26248 | Blind SQL injection during the CommentGrade process | productcomments | CWE-89 | 6.8 | Medium | 2020-12-03 |
| CVE-2020-26225 | Reflected XSS in PrestaShop Product Comments | productcomments | CWE-79 | 8.7 | High | 2020-11-16 |
| CVE-2020-26224 | Improper Access Control in PrestaShop | PrestaShop | CWE-284 | 7.5 | High | 2020-11-16 |
| CVE-2020-15162 | Stored XSS in PrestaShop | PrestaShop | CWE-79 | 5.4 | Medium | 2020-09-24 |
| CVE-2020-15160 | Blind SQL Injection in PrestaShop | PrestaShop | CWE-89 | 9.8 | - | 2020-09-24 |
| CVE-2020-15161 | Potential XSS in PrestaShop | PrestaShop | CWE-79 | 5.4 | Medium | 2020-09-24 |
| CVE-2020-15178 | Potential XSS in PrestaShop contactform | contactform | CWE-79 | 8.0 | High | 2020-09-15 |
| CVE-2020-15102 | Improper access control on dashboard form in PrestaShop | dashproducts | CWE-284 | 6.5 | Medium | 2020-07-21 |
| CVE-2020-4074 | Improper Authentication | PrestaShop | CWE-287 | 8.9 | High | 2020-07-02 |
| CVE-2020-15082 | External control of configuration setting in the dashboard in PrestaShop | PrestaShop | | 7.1 | High | 2020-07-02 |
| CVE-2020-15083 | Reflected XSS when uploading an image in the Product page in PrestaShop | PrestaShop | CWE-79 | 4.7 | Medium | 2020-07-02 |
| CVE-2020-11074 | Stored XSS in PrestaShop | PrestaShop | CWE-79 | 5.4 | Medium | 2020-07-02 |
| CVE-2020-15079 | Improper access control in PrestaShop | PrestaShop | CWE-284 | 6.4 | Medium | 2020-07-02 |
| CVE-2020-15080 | Information disclosure in release archive in PrestaShop | PrestaShop | CWE-200 | 5.3 | Medium | 2020-07-02 |
| CVE-2020-15081 | Information exposure in the upload directory in PrestaShop | PrestaShop | CWE-548 | 5.3 | Medium | 2020-07-02 |
| CVE-2020-5286 | Reflected XSS related in import page in PrestaShop | PrestaShop | CWE-79 | 4.1 | Medium | 2020-04-20 |
| CVE-2020-5287 | Improper access control on customers search in PrestaShop | PrestaShop | CWE-284 | 4.1 | Medium | 2020-04-20 |
| CVE-2020-5288 | Improper access control on product attributes page in PrestaShop | PrestaShop | CWE-284 | 4.1 | Medium | 2020-04-20 |
| CVE-2020-5293 | Improper access control on product page with combinations, attachments and specific prices in PrestaShop | PrestaShop | CWE-284 | 6.5 | Medium | 2020-04-20 |
| CVE-2020-5271 | Reflected XSS with dashboard calendar of PrestaShop | PrestaShop | CWE-79 | 4.1 | Medium | 2020-04-20 |
| CVE-2020-5272 | Reflected XSS on Search page of PrestaShop | PrestaShop | CWE-79 | 4.1 | Medium | 2020-04-20 |
| CVE-2020-5276 | Reflected XSS on AdminCarts page of PrestaShop | PrestaShop | CWE-79 | 4.1 | Medium | 2020-04-20 |
| CVE-2020-5278 | Reflected XSS on Exception page of PrestaShop | PrestaShop | CWE-79 | 4.1 | Medium | 2020-04-20 |

This page lists every published CVE security advisory associated with PrestaShop. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.