Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-wvpg-4wrh-5889: PrestaShop Checkout Target PayPal merchant account hijacking from backoffice

Impact

Wrong usage of the PHP array_search() allows bypass of validation.

Patches

The problem has been patched in versions:

  • v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1)
  • v4.4.1 for PrestaShop 8 (build number: 8.4.4.1)
  • v5.0.5 for PrestaShop 1.7 (build number: 7.5.0.5)
  • v5.0.5 for PrestaShop 8 (build number: 8.5.0.5)
  • v5.0.5 for PrestaShop 9 (build number: 9.5.0.5)

Read the Versioning policy to learn more about the build number.

Credits

Léo CUNÉAZ reported this issue.

ghsa
Open in Source
#vulnerability#web#git#intel#php

Skip to content

Navigation Menu

    • GitHub Copilot

      Write better code with AI

    • GitHub Spark New

      Build and deploy intelligent apps

    • GitHub Models New

      Manage and compare prompts

    • GitHub Advanced Security

      Find and fix vulnerabilities

    • Actions

      Automate any workflow

*   Codespaces
    
    Instant dev environments
    
*   Issues
    
    Plan and track work
    
*   Code Review
    
    Manage code changes
    
*   Discussions
    
    Collaborate outside of code
    
*   Code Search
    
    Find more, search less
    

View all features

  • Explore

    • Learning Pathways
    • Events & Webinars
    • Ebooks & Whitepapers
    • Customer Stories
    • Partners
    • Executive Insights

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles

    • Enterprise platform

      AI-powered developer platform

  • Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2025-61924

PrestaShop Checkout Target PayPal merchant account hijacking from backoffice

Package

composer prestashop/ps_checkout (Composer)

Affected versions

< 4.4.1

>= 5.0.0, < 5.0.5

Patched versions

4.4.1

5.0.5

Description

Impact

Wrong usage of the PHP array_search() allows bypass of validation.

Patches

The problem has been patched in versions:

  • v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1)
  • v4.4.1 for PrestaShop 8 (build number: 8.4.4.1)
  • v5.0.5 for PrestaShop 1.7 (build number: 7.5.0.5)
  • v5.0.5 for PrestaShop 8 (build number: 8.5.0.5)
  • v5.0.5 for PrestaShop 9 (build number: 9.5.0.5)

Read the Versioning policy to learn more about the build number.

Credits

Léo CUNÉAZ reported this issue.

References

  • GHSA-wvpg-4wrh-5889
  • https://nvd.nist.gov/vuln/detail/CVE-2025-61924

Published to the GitHub Advisory Database

Oct 16, 2025

Last updated

Oct 16, 2025

EPSS score

ghsa: Latest News

GHSA-jjjj-jwhf-8rgr: MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS
ghsa