Prestashop/prestashop
This hub aggregates every CVE we track for Prestashop/prestashop, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 28
- Critical: 5
- High: 6
- In CISA KEV: 0
Severity distribution
- MEDIUM: 16
- HIGH: 6
- CRITICAL: 5
- LOW: 1
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 15 most recently published vulnerabilities affecting Prestashop/prestashop.
- CVE-2026-25597: PrestaShop has a time based enumeration in FO login form (score 5.3)
- CVE-2025-51586: An issue was discovered in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature. (score 3.7)
- CVE-2024-34717: Anonymous PrestaShop customer can download other customers' invoices (score 5.3)
- CVE-2024-34716: PrestaShop vulnerable to XSS via customer contact form in FO, through file upload (score 9.6)
- CVE-2024-26129: Prestashop vulnerable to path disclosure in JavaScript variable (score 5.8)
- CVE-2024-21628: XSS can be stored in DB from "add a message form" in order detail page (FO) (score 5.4)
- CVE-2024-21627: Some attribute not escaped in Validate::isCleanHTML method (score 8.1)
- CVE-2023-43664: Employee without any access rights can list all installed modules in Prestashop (score 4.3)
- CVE-2023-43663: Improper Privilege Management in Prestashop (score 6.3)
- CVE-2023-39530: PrestaShop vulnerable to file deletion via CustomerMessage (score 6.5)
- CVE-2023-39529: PrestaShop vulnerable to file deletion via attachment API (score 6.7)
- CVE-2023-39528: PrestaShop vulnerable to file reading through path traversal (score 6.8)
- CVE-2023-39527: PrestaShop XSS vulnerability through Validate::isCleanHTML method (score 8.3)
- CVE-2023-39526: PrestaShop SQL manager vulnerability (potential RCE) (score 9.1)
- CVE-2023-39525: PrestaShop vulnerable to path traversal (score 6.5)
Product normalization is registry-driven with AI assist and human review.