Reporting a PrestaShop module security issue #

Why and How to Report Module Security Issues? #

Reporting module vulnerabilities before they are discovered and exploited by cybercriminal networks helps reinforce the ecosystem’s security.

Please report the security vulnerability to us at: report[@]security-presta.org.

Your reports are vital to address security issues, ensuring a security fix or module update is available before public disclosure.

Once the vulnerability is verified and addressed, a Security Advisory is created by documenting the specific details and impact of the vulnerability. This is then publicly disclosed with a CVE (Common Vulnerabilities and Exposures). Such information provides a standardized guide for the security community to comprehend and tackle the identified vulnerability.

We publish our research on the Friends Of Presta security advisory website.

DO NOT REPORT VULNERABILITIES SOLELY TO THE AUTHOR OR MARKETPLACE. #

We urge you to report any vulnerabilities directly to us. Our mission is to ensure the safety and security of the PrestaShop ecosystem. Unfortunately, many module developers may not always recognize or acknowledge the vulnerabilities in their code, whether due to lack of awareness, or inability to properly evaluate the associated risk, or other reasons.

Given the rise in professional cybercrime networks actively seeking out these vulnerabilities, it’s crucial that any potential threats are promptly addressed and the community is informed. The most effective method to do this is by publishing a CVE.

Should you discover any vulnerabilities, please report them to us at: report[@]security-presta.org.

Every vulnerability report helps make the community more secure, and we are profoundly grateful for any information shared with us.