
Prestashop — Vulnerabilities & Security Advisories (71)

Browse all 71 CVE security advisories affecting Prestashop. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PrestaShop is an open-source e-commerce platform designed for merchants to create and manage online stores. With 71 recorded Common Vulnerabilities and Exposures (CVEs), the software has historically been susceptible to critical security flaws, particularly remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities. These issues often stem from insufficient input validation and improper access controls within its core modules and third-party extensions. Notable incidents include several high-severity RCE exploits that allowed attackers to gain full server control, highlighting risks associated with outdated installations and unpatched third-party plugins. The platform’s modular architecture, while flexible, frequently introduces attack surfaces through poorly secured add-ons. Security advisories emphasize the necessity of regular updates and strict adherence to hardening guidelines to mitigate these persistent threats in production environments.

CVE ID | Title | Product | CWE | CVSS | Severity | Published
CVE-2026-33674 | PrestaShop: Improper Use of Validation Framework | PrestaShop | CWE-1173 | 2.0 | Low | 2026-03-26
CVE-2026-33673 | PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables | PrestaShop | CWE-79 | 7.7 | High | 2026-03-26
CVE-2026-25597 | PrestaShop has a time based enumeration in FO login form | PrestaShop | CWE-208 | 5.3 | Medium | 2026-02-06
CVE-2025-1230 | Cross-Site Scripting (XSS) vulnerability in Prestashop | Prestashop | CWE-79 | 4.8 | Medium | 2025-02-12
CVE-2025-24027 | ps_contactinfo has potential XSS due to usage of the nofilter tag in template | ps_contactinfo | CWE-79 | 6.2 | Medium | 2025-01-22
CVE-2024-34717 | Anonymous PrestaShop customer can download other customers' invoices | PrestaShop | CWE-200 | 5.3 | Medium | 2024-05-14
CVE-2024-34716 | PrestaShop vulnerable to XSS via customer contact form in FO, through file upload | PrestaShop | CWE-79 | 9.7 | Critical | 2024-05-14
CVE-2024-26129 | Prestashop vulnerable to path disclosure in JavaScript variable | PrestaShop | CWE-22 | 5.8 | Medium | 2024-02-19
CVE-2024-21628 | XSS can be stored in DB from "add a message form" in order detail page (FO) | PrestaShop | CWE-79 | 5.4 | Medium | 2024-01-02
CVE-2024-21627 | Some attribute not escaped in Validate::isCleanHTML method | PrestaShop | CWE-79 | 8.1 | High | 2024-01-02
CVE-2023-47110 | Any value can be changed in the configuration table by an employee having access to block reassurance module | blockreassurance | CWE-284 | 9.1 | Critical | 2023-11-09
CVE-2023-47109 | PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block | blockreassurance | CWE-285 | 5.5 | Medium | 2023-11-08
CVE-2023-43664 | Employee without any access rights can list all installed modules in Prestashop | PrestaShop | CWE-269 | 4.3 | Medium | 2023-09-28
CVE-2023-43663 | Improper Privilege Management in Prestashop | PrestaShop | CWE-269 | 6.3 | Medium | 2023-09-28
CVE-2022-45448 | Cross-site Scripting in M4 PDF plugin for Prestashop sites | M4 PDF plugin | CWE-79 | 3.5 | Low | 2023-09-20
CVE-2022-45447 | Path Traversal in M4 PDF plugin for Prestashop sites | M4 PDF plugin | CWE-22 | 6.5 | Medium | 2023-09-20
CVE-2023-39530 | PrestaShop vulnerable to file deletion via CustomerMessage | PrestaShop | CWE-20 | 6.5 | Medium | 2023-08-07
CVE-2023-39529 | PrestaShop vulnerable to file deletion via attachment API | PrestaShop | CWE-20 | 6.7 | Medium | 2023-08-07
CVE-2023-39528 | PrestaShop vulnerable to file reading through path traversal | PrestaShop | CWE-22 | 6.8 | Medium | 2023-08-07
CVE-2023-39527 | PrestaShop XSS vulnerability through Validate::isCleanHTML method | PrestaShop | CWE-79 | 8.3 | High | 2023-08-07
CVE-2023-39526 | PrestaShop SQL manager vulnerability (potential RCE) | PrestaShop | CWE-89 | 9.1 | Critical | 2023-08-07
CVE-2023-39525 | PrestaShop vulnerable to path traversal | PrestaShop | CWE-22 | 6.5 | Medium | 2023-08-07
CVE-2023-39524 | PrestaShop vulnerable to boolean SQL injection in search product in BO | PrestaShop | CWE-89 | 6.7 | Medium | 2023-08-07
CVE-2023-30839 | PrestaShop vulnerable to SQL filter bypass leading to arbitrary write requests using "SQL Manager" | PrestaShop | CWE-89 | 10.0 | Critical | 2023-04-25
CVE-2023-30838 | PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method | PrestaShop | CWE-79 | 8.6 | High | 2023-04-25
CVE-2023-30545 | PrestaShop arbitrary file read vulnerability | PrestaShop | CWE-89 | 7.7 | High | 2023-04-25
CVE-2023-25170 | PrestaShop has possible CSRF token fixation | PrestaShop | CWE-352 | 5.0 | Medium | 2023-03-13
CVE-2022-46158 | Potential Information exposure in the upload directory in PrestaShop | PrestaShop | CWE-200 | 5.3 | Medium | 2022-12-08
CVE-2022-35933 | PrestaShop module Product Comments vulnerable to cross-site scripting (XSS) | productcomments | CWE-79 | 7.2 | - | 2022-09-02
CVE-2022-31181 | Remote code execution in prestashop | PrestaShop | CWE-89 | 9.8 | Critical | 2022-08-01

This page lists every published CVE security advisory associated with Prestashop. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.