Articles about Security

  • PrestaShop 9.1.4 and 8.2.7 are available

    Two maintenance releases that ship the patched Faceted Search module (ps_facetedsearch v4.0.4) out of the box.

    PrestaShop 9.1.4 and 8.2.7 are now available. We are publishing these two maintenance releases together because they share a single purpose: making sure that a fresh download of either version ships with the patched Faceted Search module (ps_facetedsearch) right away.

  • Security update for the Faceted Search module (ps_facetedsearch)

    A new version of the Faceted Search module is available and fixes a security issue. We recommend updating to v4.0.4.

    A security vulnerability has been identified in the Faceted Search module (ps_facetedsearch). Under certain conditions, specially crafted requests could be processed unsafely by the module and lead to the execution of unauthorized code on the server. The issue does not require an account or authentication, so any shop running an affected version is exposed.

  • PrestaShop 9.1.3 is available

    Security maintenance for the 9.1 branch following the upstream Symfony 6.4.40 and Twig 3.26.0 releases.

    PrestaShop 9.1.3 is now available. This is a small security maintenance release for the 9.1 branch that brings in the latest patch versions of two key upstream dependencies, Symfony and Twig, following their coordinated security advisories published on 2026-05-20.

  • PrestaShop 9.1.1 is available

    Critical security patch for branch 9.1.x: stored XSS in the back office Customer Service view (GHSA-w9f3-qc75-qgx9).

    PrestaShop 9.1.1 is available. This security patch for the 9.1 branch addresses a Critical stored Cross-Site Scripting vulnerability. Updating as soon as possible is strongly recommended.

  • PrestaShop 8.2.6 is available

    Critical security patch for branch 8.2.x: stored XSS in the back office Customer Service view (GHSA-w9f3-qc75-qgx9).

    PrestaShop 8.2.6 is available. This security patch for the 8.2 branch addresses a Critical stored Cross-Site Scripting vulnerability. Updating as soon as possible is strongly recommended.

  • PrestaShop 8.2.5 is available

    Security patch for branch 8.2.x

    PrestaShop 8.2.5 is available. This security patch for the 8.2 branch addresses two vulnerabilities: a stored XSS issue in back office templates and an improper use of the validation framework.

  • PrestaShop 9.0.3 is available

    Security improvements and fixes for PrestaShop 9

    PrestaShop 9.0.3 is now available! This third maintenance release continues to refine the PrestaShop 9 series, delivering important security improvements along with numerous bug fixes and enhancements.

  • PrestaShop 8.2.4 is available

    Security improvements for branch 8.2.x

    PrestaShop 8.2.4 is available. This maintenance release for the 8.2 branch brings security improvements to further harden your store.

  • PrestaShop 8.2.3 is available

    Security patch for branch 8.2.x is available

    PrestaShop 8.2.3 is available. It is a security‑driven patch release for the 8.2 branch. Its primary goal is to address an email enumeration vulnerability in the back office password reset feature. A handful of low-risk improvements and bug fixes that have already been validated have also been included.

  • SQL Injection attacks alert and security enhancements for PrestaShop

    Protecting your PrestaShop store from recent attacks

    A recent wave of attacks has targeted PrestaShop stores, leveraging SQL Injection vulnerabilities in third-party modules to compromise data security. Malicious actors exploit these vulnerabilities to inject harmful code into the PrestaShop database, enabling the theft of sensitive customer information by loading unauthorized JavaScript scripts.
