Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2759
Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4.
NA
CVE-2024-30511
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce.This issue affects FG PrestaShop to WooCommerce: from n/a up to and including 4.45.1.
NA
CVE-2024-28390
An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote malicious user to escalate privileges and obtain sensitive information via Improper Access Control.
NA
CVE-2024-28391
SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote malicious user to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and...
NA
CVE-2024-28388
SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote malicious user to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method.
NA
CVE-2024-25848
In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions.
NA
CVE-2024-25845
In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.
NA
CVE-2024-25849
In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .
NA
CVE-2024-26469
Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote malicious users to cause a denial of service (DoS) and escalate privileges via the url parameter in the postP...
NA
CVE-2024-25839
An issue exists in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local malicious users to escalate privileges and obtain sensitive information.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »