Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-30153
An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote malicious users to execute arbitrary SQL commands via the ajax.php front controller.
Prestashop Payplug
NA
CVE-2023-30194
Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook().
Prestashop Poststaticfooter
NA
CVE-2023-30282
PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak of personal information from customer table.
Prestashop Scexportcustomers
NA
CVE-2023-33777
An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows malicious users to execute a directory traversal attack.
Prestashop Amazon
NA
CVE-2022-35933
This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.
Prestashop Productcomments
6.5
CVSSv2
CVE-2022-31101
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workaro...
Prestashop Blockwishlist
4 Github repositories
NA
CVE-2022-45447
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits t...
Prestashop M4 Pdf
NA
CVE-2022-45448
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will ...
Prestashop M4 Pdf
3.5
CVSSv2
CVE-2021-21418
ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed in 2.6.1
Prestashop Ps Emailsubscription
5
CVSSv2
CVE-2020-12120
The Correos Express addon for PrestaShop 1.6 up to and including 1.7 allows remote malicious users to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers.
Prestashop Correos Express
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »