VYPR
Vendor: Prestashop

Products: 121
CVEs: 221
Across products: 144
Status: Private

Recent CVEs

  • CVE-2018-8823 (Critical, Mar 28, 2018)
    risk 0.68, cvss 9.8, epss 0.52

    modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter.

  • CVE-2018-10942 (Critical, May 10, 2018)
    risk 0.65, cvss 9.8, epss 0.13

    modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file.

  • CVE-2025-69633 (Critical, Feb 13, 2026)
    risk 0.64, cvss 9.8, epss 0.00

    A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup…

  • CVE-2024-33275 (Critical, Apr 30, 2024)
    risk 0.64, cvss 9.8, epss 0.01

    SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components.

  • CVE-2024-28394 (Critical, Mar 19, 2024)
    risk 0.64, cvss 9.8, epss 0.01

    An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module.

  • CVE-2023-36263 (Critical, Oct 31, 2023)
    risk 0.64, cvss 9.8, epss 0.00

    PrestaShop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. `OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection.

  • CVE-2023-34576 (Critical, Sep 21, 2023)
    risk 0.64, cvss 9.8, epss 0.01

    SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via an unspecified vector.

  • CVE-2023-34575 (Critical, Sep 20, 2023)
    risk 0.64, cvss 9.8, epss 0.01

    SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods.

  • CVE-2018-8824 (Critical, May 10, 2018)
    risk 0.64, cvss 9.8, epss 0.01

    modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter.

  • CVE-2026-44212 (Critical, May 14, 2026)
    risk 0.53, cvss 9.3, epss 0.00

    PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious…

  • CVE-2026-39079 (High, May 18, 2026)
    risk 0.49, cvss 7.5, epss 0.00

    An issue in PrestaShop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/ and /modules/upsshipping/lib/UPSBaseApi.php components.

  • CVE-2024-36682 (High, Jun 24, 2024)
    risk 0.49, cvss 7.5, epss 0.00

    In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collects email when maintenance is…

  • CVE-2024-33270 (High, Apr 30, 2024)
    risk 0.49, cvss 7.5, epss 0.01

    An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component.

  • CVE-2026-33673 (High, Mar 26, 2026)
    risk 0.42, cvss 7.6, epss 0.00

    PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously…

  • CVE-2023-30148 (Medium, Oct 14, 2023)
    risk 0.40, cvss 6.1, epss 0.00

    Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in…

  • CVE-2018-5682 (Medium, Jan 13, 2018)
    risk 0.35, cvss 5.3, epss 0.01

    PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message.

  • CVE-2018-5681 (Medium, Jan 13, 2018)
    risk 0.35, cvss 5.4, epss 0.01

    PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen.

  • CVE-2025-24027 (Medium, Jan 22, 2025)
    risk 0.33, cvss 6.2, epss 0.00

    ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. This cannot be exploited in a fresh install of PrestaShop, only shops made vulnerable by third-party modules are…

  • CVE-2025-1230 (Medium, Feb 12, 2025)
    risk 0.31, cvss 4.8, epss 0.00

    Stored Cross-Site Scripting (XSS) vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘/<admin_directory>/index.php’, affecting the ‘link’ parameter. This vulnerability could allow a remote user to send a specially crafted query…

  • CVE-2023-45375 (Oct 17, 2023)
    risk 0.07, cvss (none listed), epss 0.38

    In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess()`.