


PrestaShop vulnerability disclosure program

Security is one of PrestaShop’s core values. We believe that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our products or services, we encourage you to notify us. This Policy sets out the rules under which we expect the research and reporting of vulnerabilities to be conducted, as well as what you can expect from us in return.
If you have discovered a security vulnerability in our program, we appreciate your help in disclosing it to us in a responsible manner.

Scope of this program

PrestaShop is an immensely feature-rich, open source e-commerce solution which you can use to run stores in the cloud or via self-hosting. It's currently used by hundreds of thousands of shops worldwide and is available in 75 different languages.
Our software is open source and is available on GitHub.
Vulnerabilities reported on other services or applications owned by PrestaShop are currently not eligible for monetary reward and will be handled as a responsible disclosure. As they come into scope, they will be added to this section.

This program targets PrestaShop's core and PrestaShop's proprietary modules: in-scope modules are those listed here with prefix prestashop/*

Testing shall be conducted on the latest version available; we will provide and maintain a changelog.txt on the program to keep you updated.

Eligibility for Bounty

  • You must use the latest stable downloadable version of the PrestaShop Core Software
  • Vulnerability must be reproducible on the latest version of the app to be eligible for a reward
  • You must be the first reporter of a valid vulnerability (any duplicate reports will not be rewarded)
  • You must send a clear textual description of the report along with steps to reproduce the issue. Please include attachments such as screenshots or proof-of-concept code as necessary
  • You must not be a former or current employee of PrestaShop or one of its contractors
  • No vulnerability disclosure, including partial disclosure, is allowed for the moment

We intend to respond to and resolve reported issues as quickly as possible, depending on our workload and the severity of the issue. Please allow a reasonable amount of time for us to fix the issue and release a patched version before any disclosure to the public.

In Scope

Scope Type Scope Name


Out of Scope

Scope Type Scope Name

Any asset, module or domain not listed in the scope

This program, crawled on 2020-07-23, is sorted as bounty.
