Prestashop Module Send to a Friend allows Spammers to abuse the feature for sending emails to a friend
How I discovered the security flaws in the Prestashop Module Send to a Friend
One customer reported that the inbox for his Prestashop store email contained hundreds of bounced emails with spam, so I asked him to forward one of those emails to me. Just by opening it, it was obvious that the email had originated from his store, through the native Send to a Friend module. This module is installed by default on the original Prestashop theme and on many third-party themes.
Responsible Disclosure
Recently I made a Responsible Disclosure for 2 security vulnerabilities in the Prestashop Module Send to a Friend and also provided the fixes for them in a Github Pull Request. This was done in coordination with the Prestashop Core Team to ensure the issue was not made public until owners of Prestashop online stores had time to update the module, and also to guarantee that the code for the fixes followed their rules.