Article 04.06.2026 ~3 min czytania

Important Security Update for the Faceted Search Module (ps_facetedsearch)

A security vulnerability has been identified in the Faceted Search module. We recommend updating to version 4.0.4 immediately to secure your store.

Important Security Update for the Faceted Search Module (ps_facetedsearch)
#prestashop #development #release

What Is the Vulnerability?

A security flaw has been identified in the ps_facetedsearch (Faceted Search) module. It allows specially crafted HTTP requests to be processed in an unsafe manner, potentially enabling an attacker to execute arbitrary code on your server — without needing to log in.

Given the widespread use of this module for product filtering, this is classified as high priority for all merchants.

⚠️
Affected versions: ps_facetedsearch 3.0.0 – 4.0.3 on PrestaShop 1.7.1.0 or newer.
Fixed in: ps_facetedsearch 4.0.4 — update immediately.
Full advisory: GHSA-m5f5-28qr-9g9r

How to Update

1

Open Module Manager

In your Back Office go to Modules → Module Manager and search for Faceted Search.

2

Install the Update

Click Update to install version 4.0.4. If the update does not appear, download it manually and upload via Upload a module.

Download ps_facetedsearch v4.0.4

3

Verify the Version

After updating, confirm that the module version shown in Back Office is 4.0.4 or higher.

If You Cannot Update Immediately

If you are blocked by customizations or other constraints, you can apply the fix directly from source. The patch is contained in a single commit:

View the fix commit on GitHub →

⚠️
Note: Applying the commit manually fixes only this specific issue. Your module remains outdated, missing other fixes and improvements. Schedule the full update to v4.0.4 as soon as possible.

Check for Signs of Compromise

If your shop ran an affected version, it is important to verify that no unauthorized access occurred:

  • Look for unexpected PHP files in the modules/ps_facetedsearch/ directory.
  • Review server access logs for unusual or repeated requests targeting the module.
  • Check Advanced Parameters → Information in your Back Office for any changed core files.
🔍
Suspected compromise? Updating the module alone is not sufficient. A compromised shop requires thorough investigation: rotate Back Office passwords, review all modules and server credentials, and engage a PrestaShop security expert.

Additional Security Recommendations

  • Web Application Firewall (WAF): Blocks malicious requests before they reach your store. Services like Cloudflare offer managed WAF rules.
  • Restrict Dangerous PHP Functions: Disable functions such as exec, shell_exec, passthru in your php.ini if not needed.
  • Regular Updates & Backups: Keep PrestaShop core and all modules up to date. Maintain automated daily backups.
  • Monitor Security Advisories: Follow the PrestaShop security advisories and the Friends of Presta security tracker.

✅ Summary

If you are running ps_facetedsearch 3.0.0 – 4.0.3, update to v4.0.4 immediately. Check your server for signs of past compromise. Implement a WAF and review your update process to catch future vulnerabilities faster.


A
AddonsHub
Author · AddonsHub