myprestamodules CVE Vulnerabilities & Metrics

Focus on myprestamodules vulnerabilities and metrics.

Last updated: 08 Mar 2026, 23:25 UTC

About myprestamodules Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with myprestamodules. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total myprestamodules CVEs: 11
Earliest CVE date: 31 Mar 2023, 20:15 UTC
Latest CVE date: 20 Mar 2024, 14:15 UTC

Latest CVE reference: CVE-2024-28396

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical myprestamodules CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	11
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS myprestamodules CVEs

These are the five CVEs with the highest CVSS scores for myprestamodules, sorted by severity first and recency.

CVE-2024-28396 myprestamodules Published on 20 Mar 2024, 14:15 UTC (CVSS: 0)
An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component.
CVE-2024-25846 myprestamodules Published on 27 Feb 2024, 17:15 UTC (CVSS: 0)
In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php.
CVE-2023-46354 myprestamodules Published on 06 Dec 2023, 23:15 UTC (CVSS: 0)
In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer/ps_address tables such as name / surname / email / phone number / full postal address.
CVE-2023-46349 myprestamodules Published on 27 Nov 2023, 23:15 UTC (CVSS: 0)
In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
CVE-2023-46357 myprestamodules Published on 22 Nov 2023, 18:15 UTC (CVSS: 0)
In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

All CVEs for myprestamodules

CVE-2024-28396 myprestamodules vulnerability CVSS: 0 20 Mar 2024, 14:15 UTC

An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component.

CVE-2024-25846 myprestamodules vulnerability CVSS: 0 27 Feb 2024, 17:15 UTC

In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php.

CVE-2023-46354 myprestamodules vulnerability CVSS: 0 06 Dec 2023, 23:15 UTC

In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer/ps_address tables such as name / surname / email / phone number / full postal address.

CVE-2023-46349 myprestamodules vulnerability CVSS: 0 27 Nov 2023, 23:15 UTC

In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

CVE-2023-46357 myprestamodules vulnerability CVSS: 0 22 Nov 2023, 18:15 UTC

In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

CVE-2023-45387 myprestamodules vulnerability CVSS: 0 17 Nov 2023, 02:15 UTC

In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().`

CVE-2023-40923 myprestamodules vulnerability CVSS: 0 15 Nov 2023, 06:15 UTC

MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters.

CVE-2023-46346 myprestamodules vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.

CVE-2023-39675 myprestamodules vulnerability CVSS: 0 20 Sep 2023, 22:15 UTC

SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php.

CVE-2023-39677 myprestamodules vulnerability CVSS: 0 20 Sep 2023, 21:15 UTC

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.

CVE-2023-26858 myprestamodules vulnerability CVSS: 0 31 Mar 2023, 20:15 UTC

SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component.