How severe is CVE-2025-61924?

CVE-2025-61924 has a CVSS v3 score of 3.8 (LOW).

CVE-2025-61924

Name: prestashop_checkout
Author: prestashop

3.8LOW

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wron

Опубликовано: 10/16/2025Обновлено: 12/29/2025

Описание

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wrong usage of the PHP array_search(). The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.

ИИ-АнализНа базе ИИ

Затронутые продукты

prestashopprestashop_checkout

Ссылки

https://github.com/PrestaShopCorp/ps_checkout/security/advisories/GHSA-wvpg-4wrh-5889
Vendor Advisory