prestashop
Latest CVEs
The 15 most recently published vulnerabilities affecting prestashop.
- CVE-2026-44212: PrestaShop: Stored XSS executable in customer service view (score 9.3)
- CVE-2026-33674: PrestaShop: Improper Use of Validation Framework (score 2.0)
- CVE-2026-33673: PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables (score 7.6)
- CVE-2026-25597: PrestaShop has a time based enumeration in FO login form (score 5.3)
- CVE-2025-61924: PrestaShop Checkout Target PayPal merchant account hijacking from backoffice (score 3.8)
- CVE-2025-61923: PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure (score 4.1)
- CVE-2025-61922: PrestaShop Checkout allows customer account takeover via email (score 9.1)
- CVE-2025-51586: An issue was discovered in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature. (score 3.7)
- CVE-2025-25692: A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request. (score 6.5)
- CVE-2025-25691: A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request. (score 6.5)
- CVE-2025-1230: Cross-Site Scripting (XSS) vulnerability in PrestaShop (score 4.8)
- CVE-2025-24027: ps_contactinfo has potential XSS due to usage of the nofilter tag in template (score 6.2)
- CVE-2024-36626: In PrestaShop 8.1.4, a NULL pointer dereference was identified in the math_round function within Tools.php. (score 5.3)
- CVE-2024-41651: An issue in PrestaShop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploi... (score 8.1)
- CVE-2024-36684: In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php has a sensitive SQL call that can be executed with a tr... (score 9.8)