You are receiving this security communication just before we send it to the wider merchant community. As a member of PrestaShop tech community, you are often the first person your clients turn to when something like this lands, so we want you prepared before the messages start coming in.
What we discovered
We have identified a critical vulnerability in the Faceted Search module (ps_facetedsearch), which powers product filtering on a large share of stores. We’ve just released a new version that fixes it, and we will shortly ask merchants to update without delay.
Because this module is so widely installed, the population of affected stores is significant. Any store using ps_facetedsearch should be treated as exposed until it is updated.
Alongside this, the merchant email will include a reminder about the recent core security releases on the 8.2 and 9.1 branches (8.2.6 and 9.1.1), which fixed a separate critical vulnerability. Both matter, but the Faceted Search update is the new one, and the one we want you focused on first.
(