CVE-2025-61924

Low CVSS: 3.8

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wrong usage of the PHP array_search(). The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.

Vendor

Prestashop

Product

Prestashop Checkout

CWE

CWE-184

Yayın Tarihi

2025-10-16 18:15:39

Güncelleme

2025-12-29 20:06:15

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-184 Prestashop Checkout LOW Prestashop 2025

Referanslar

https://github.com/PrestaShopCorp/ps_checkout/security/advisories/GHSA-wvpg-4wrh-5889

Benzer Kayıtlar

High

CVE-2026-33673

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cros…

Low

CVE-2026-33674

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation…

Medium

CVE-2026-25597

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeratio…

Critical

CVE-2025-61922

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and…

Medium

CVE-2025-61923

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and…

Low

CVE-2025-51586

An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers…