Known Vulnerabilities for products from PrestaShop
Listed below are 20 of the newest known vulnerabilities associated with the vendor "PrestaShop".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33674 | PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation fram... | Not Provided | 2026-03-26 | 2026-04-01 |
| CVE-2026-33673 | PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Sit... | Not Provided | 2026-03-26 | 2026-04-01 |
| CVE-2022-21686 | PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker ... | 9.8 - CRITICAL | 2022-01-26 | 2022-02-04 |
| CVE-2021-43789 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2021-12-07 | 2021-12-08 |
| CVE-2021-21418 | ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in th... | 5.4 - MEDIUM | 2021-03-31 | 2021-04-06 |
| CVE-2021-21398 | PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject ... | 5.4 - MEDIUM | 2021-03-30 | 2021-04-02 |
| CVE-2021-21308 | PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is ... | 9.1 - CRITICAL | 2021-02-26 | 2021-03-05 |
| CVE-2021-21302 | PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection v... | 7.2 - HIGH | 2021-02-26 | 2021-03-04 |
| CVE-2021-3110 | The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=Comm... | 9.8 - CRITICAL | 2021-01-20 | 2023-11-07 |
| CVE-2020-26248 | In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data o... | 8.2 - HIGH | 2020-12-03 | 2022-01-06 |
| CVE-2020-26225 | In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers... | 6.1 - MEDIUM | 2020-11-16 | 2020-11-30 |
| CVE-2020-26224 | In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by... | 7.5 - HIGH | 2020-11-16 | 2020-11-30 |
| CVE-2020-21967 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.8 - MEDIUM | 2022-07-13 | 2022-07-25 |
| CVE-2020-15178 | In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript whil... | 9.3 - CRITICAL | 2020-09-15 | 2020-09-21 |
| CVE-2020-15162 | In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments... | 5.4 - MEDIUM | 2020-09-24 | 2020-09-30 |
| CVE-2020-15161 | In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contac... | 6.1 - MEDIUM | 2020-09-24 | 2020-09-30 |
| CVE-2020-15160 | PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Produ... | 9.8 - CRITICAL | 2020-09-24 | 2021-05-05 |
| CVE-2020-15102 | In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change... | 6.5 - MEDIUM | 2020-07-21 | 2021-10-07 |
| CVE-2020-15083 | In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XS... | 6.1 - MEDIUM | 2020-07-02 | 2020-07-02 |
| CVE-2020-15082 | In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. Th... | 8.8 - HIGH | 2020-07-02 | 2020-07-02 |
Known software with vulnerabilities from PrestaShop
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Prestashop | Contactform | 1.0.1 |
| Application | Prestashop | Correos Express | 1.6 |
| Application | Prestashop | Dashboard Products | - |
| Application | Prestashop | Ebay Module | - |
| Application | Prestashop | Faceted Search Module | 1.0.0 |
| Application | Prestashop | Prestashop | - |
| Application | Prestashop | Prestashop Link | 1.0.4 |
| Application | Prestashop | Prestashop Linklist | 1.0.4 |
| Application | Prestashop | Prestashop Socialfollow | 1.0.0 |
| Application | Prestashop | Product Comments | 3.6.0 |
| Application | Prestashop | Productcomments | 3.6.0 |