Prestashop
This hub aggregates every CVE we track for Prestashop, a product in the web CMS plugins space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 96
- Critical: 18
- High: 17
- In CISA KEV: 0
Severity distribution
MEDIUM 59, CRITICAL 18, HIGH 17, LOW 2
Monthly trend
2024-07 to 2026-06, monthly values: 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 2, 0, 1, 0, 0, 0, 0, 1, 2, 0, 1, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Prestashop.
- CVE-2026-44212: PrestaShop: Stored XSS executable in customer service view (score 9.3)
- CVE-2026-33674: PrestaShop: Improper Use of Validation Framework (score 2.0)
- CVE-2026-33673: PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables (score 7.6)
- CVE-2026-25597: PrestaShop has a time based enumeration in FO login form (score 5.3)
- CVE-2025-51586: An issue was discovered in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature. (score 3.7)
- CVE-2025-25692: A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request. (score 6.5)
- CVE-2025-25691: A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request. (score 6.5)
- CVE-2025-1230: Cross-Site Scripting (XSS) vulnerability in Prestashop (score 4.8)
- CVE-2024-36626: In prestashop 8.1.4, a NULL pointer dereference was identified in the math_round function within Tools.php. (score 5.3)
- CVE-2024-41651: An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploi... (score 8.1)
- CVE-2024-34717: Anonymous PrestaShop customer can download other customers' invoices (score 5.3)
- CVE-2024-34716: PrestaShop vulnerable to XSS via customer contact form in FO, through file upload (score 9.6)
- CVE-2024-26129: Prestashop vulnerable to path disclosure in JavaScript variable (score 5.8)
- CVE-2023-6921: SQL Injection in PrestaShop Google Integrator (score 9.8)
- CVE-2024-21628: XSS can be stored in DB from "add a message form" in order detail page (FO) (score 5.4)
Product normalization is registry-driven with AI assist and human review.