53 matches found
Account Takeover
prestashop/pscheckout is vulnerable to Account takeover. The vulnerability is due to missing validation in the Express Checkout feature, which allows an attacker to silently authenticate using a victim’s email address and take over the account...
CVE-2025-61922
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the Express Checkout feature. An attacker can bypass the login procedure via email. Note: Versions 9.4.3.1 through 9.4.3.3, which used the build numbering scheme prior to 2025, are also...
GHSA-54HQ-MF6H-48XH PrestaShop Checkout allows customer account takeover via email
Impact Missing validation on Express Checkout feature allows silent log-in Affected versions The issue was introduced in PrestaShop Checkout 1.3.0 . All versions above 1.3.0 are vulnerable except of course the patch versions published on 16/10/2025: 7.4.4.1, 8.4.4.1, 7.5.0.5, 8.5.0.5, 9.5.0.5...
PrestaShop Checkout allows customer account takeover via email
Impact Missing validation on Express Checkout feature allows silent log-in Affected versions The issue was introduced in PrestaShop Checkout 1.3.0 . All versions above 1.3.0 are vulnerable except of course the patch versions published on 16/10/2025: 7.4.4.1, 8.4.4.1, 7.5.0.5, 8.5.0.5, 9.5.0.5...
CVE-2025-61922
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in...
CVE-2025-61922 PrestaShop Checkout allows customer account takeover via email
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in...
CVE-2025-61922 PrestaShop Checkout allows customer account takeover via email
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in...
CVE-2025-61922 PrestaShop Checkout allows customer account takeover via email
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in...
PrestaShop Checkout 授权问题漏洞
PrestaShop Checkout is an open source checkout payment module from PrestaShopCorp. An authorization issue vulnerability exists in PrestaShop Checkout versions prior to 4.4.1 and prior to 5.0.5, which stems from a lack of authentication in the Express Checkout feature that could lead to an account...
PT-2025-42514
Name of the Vulnerable Software and Affected Versions PrestaShop Checkout versions 1.3.0 through 4.4.0 PrestaShop Checkout versions 5.0.0 through 5.0.4 Description The PrestaShop Checkout module, used in partnership with PayPal, contains a flaw in the Express Checkout feature. Missing validation...
EUVD-2012-4859
Malware in sbrugna...
EUVD-2025-12032
Malicious code in bioql PyPI...
EUVD-2024-28447
Malicious code in bioql PyPI...
EUVD-2025-18510
Malicious code in bioql PyPI...
CVE-2025-48111
Cross-Site Request Forgery CSRF vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0...
CVE-2025-48111
Cross-Site Request Forgery CSRF vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0...
CVE-2025-48111 WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0...
CVE-2025-48111 WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0...
PT-2025-25683 · Yith · Yith Paypal Express Checkout For Woocommerce
Name of the Vulnerable Software and Affected Versions: YITH PayPal Express Checkout for WooCommerce versions 1.49.0 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions. Recommendations: For YITH PayPal Express Checkout for WooCommer...