26 matches found
GHSA-MQQ7-WXX5-MP8H ps_checkout allows unauthorized method invocation through unvalidated parameter
Impact Unvalidated parameter can lead to some unauthorized method invocation with very few possibilities. Patches The problem has been patched in versions - v5.3.0 for PrestaShop 1.7 build number: 7.5.3.0 - v5.3.0 for PrestaShop 8 build number: 8.5.3.0 - v5.3.0 for PrestaShop 9 build number:...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via unvalidated parameters in the process. An attacker can invoke unauthorized methods by supplying crafted input. Remediation Upgrade prestashop/ps_checkout to version 5.3.0 or higher. References - GitHub...
CVE-2025-61923
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. N...
CVE-2025-61922
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in...
GHSA-WVPG-4WRH-5889 PrestaShop Checkout Target PayPal merchant account hijacking from backoffice
Impact Wrong usage of the PHP array_search allows bypass of validation. Patches The problem has been patched in versions: - v4.4.1 for PrestaShop 1.7 build number: 7.4.4.1 - v4.4.1 for PrestaShop 8 build number: 8.4.4.1 - v5.0.5 for PrestaShop 1.7 build number: 7.5.0.5 - v5.0.5 for PrestaShop 8...
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice
Impact Wrong usage of the PHP array_search allows bypass of validation. Patches The problem has been patched in versions: - v4.4.1 for PrestaShop 1.7 build number: 7.4.4.1 - v4.4.1 for PrestaShop 8 build number: 8.4.4.1 - v5.0.5 for PrestaShop 1.7 build number: 7.5.0.5 - v5.0.5 for PrestaShop 8...
EUVD-2025-34788
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice...
PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure
Impact Missing validation on input vulnerable to directory traversal. Patches The problem has been patched in versions: v4.4.1 for PrestaShop 1.7 build number: 7.4.4.1 v4.4.1 for PrestaShop 8 build number: 8.4.4.1 v5.0.5 for PrestaShop 1.7 build number: 7.5.0.5 v5.0.5 for PrestaShop 8 build numbe...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the Express Checkout feature. An attacker can bypass the login procedure via email. Note: Versions 9.4.3.1 through 9.4.3.3, which used the build numbering scheme prior to 2025, are also...
EUVD-2025-34790
PrestaShop Checkout allows customer account takeover via email...
CVE-2025-61924
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, Target PayPal merchant account hijacking from the backoffice is possible due to wrong usage of the PHP array_search. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known...
CVE-2025-61922
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in...
CVE-2025-61924 PrestaShop Checkout Target PayPal merchant account hijacking from backoffice
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, Target PayPal merchant account hijacking from the backoffice is possible due to wrong usage of the PHP array_search. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known...
CVE-2025-61924 PrestaShop Checkout Target PayPal merchant account hijacking from backoffice
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, Target PayPal merchant account hijacking from the backoffice is possible due to wrong usage of the PHP array_search. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known...
CVE-2025-61923 PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. N...
CVE-2025-61923 PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. N...
CVE-2025-61922 PrestaShop Checkout allows customer account takeover via email
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in...
CVE-2025-61922
PrestaShop Checkout (ps_checkout) vulnerability CVE-2025-61922 allows unauthenticated, zero-click account takeover by knowing the victim’s email. Affected versions are prior to 4.4.1 and 5.0.5; patches exist and fix is in 4.4.1 (for PrestaShop 1.7 and 8) and 5.0.5 (for 1.7, 8, and 9). Public expl...
CVE-2025-61922 PrestaShop Checkout allows customer account takeover via email
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in...
CVE-2025-61922 PrestaShop Checkout allows customer account takeover via email
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in...