CVE-2025-61922

Critical CVSS: 9.1

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.

Vendor

Prestashop

Product

Prestashop Checkout

CWE

CWE-287

Yayın Tarihi

2025-10-16 18:15:38

Güncelleme

2025-12-29 20:06:13

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-287 Prestashop Checkout CRITICAL Prestashop 2025

Referanslar

https://github.com/PrestaShopCorp/ps_checkout/security/advisories/GHSA-54hq-mf6h-48xh

Benzer Kayıtlar

High

CVE-2026-33673

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cros…

Low

CVE-2026-33674

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation…

Medium

CVE-2026-25597

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeratio…

Low

CVE-2025-61924

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and…

Medium

CVE-2025-61923

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and…

Low

CVE-2025-51586

An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers…