In order to protect the greatest number of PrestaShop stores, Friends Of Presta publishes public security advisories and requests a CVE on the recommendations of agencies, hosts and merchants, if:

  • A PrestaShop module or theme is highly exploited or explored for a malicious activity.
  • The author of this module, although contacted, does not plan to publish a CVE or does not respond to requests for corrections.
  • A critical vulnerability is not detectable by a WAF.

For more information, please contact: security/at/

Join us on Friends Of Presta Slack

Github repository

Json api