PrestaShop Checkout Target PayPal Account Hijacking Vulnerability
Vulnerability
A vulnerability in the PrestaShop Checkout payment module, affecting versions prior to 4.4.1 and 5.0.5, allows hijacking of the target PayPal merchant account from the back office. The issue arises from improper validation caused by incorrect use of the PHP array_search() function, which enables account takeover.
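The page does not show the affected module code, so the following is an added illustration, not PrestaShop Checkout's own code. It shows the two general ways an array_search() result gets mis-validated, next to a strict form. The function names and merchant identifiers are hypothetical, and PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Constructed sample data: identifiers the shop already trusts (hypothetical).
$trusted = ['MERCHANT_A', 'MERCHANT_B'];

// Mistake 1: the result is tested for truthiness. array_search() returns the
// matching KEY, and key 0 is falsy, so a match on the first entry reads as
// "not found".
function isTrustedTruthy(mixed $id, array $trusted): bool
{
    return (bool) array_search($id, $trusted);
}

// Mistake 2: the third argument is omitted, so values are compared loosely
// (==). A needle of another type, such as a boolean from decoded JSON, can
// then match an entry it is not identical to.
function isTrustedLoose(mixed $id, array $trusted): bool
{
    return array_search($id, $trusted) !== false;
}

// Corrected form: reject non-strings, compare strictly (third argument true),
// and test the result against false with !==.
function isTrustedStrict(mixed $id, array $trusted): bool
{
    return is_string($id) && array_search($id, $trusted, true) !== false;
}

// Constructed inputs covering both failure modes.
$cases = [
    'first trusted entry'  => 'MERCHANT_A',
    'second trusted entry' => 'MERCHANT_B',
    'unknown identifier'   => 'MERCHANT_X',
    'boolean true'         => true,
];

foreach ($cases as $label => $id) {
    printf(
        "%-22s truthy=%-5s loose=%-5s strict=%s\n",
        $label,
        var_export(isTrustedTruthy($id, $trusted), true),
        var_export(isTrustedLoose($id, $trusted), true),
        var_export(isTrustedStrict($id, $trusted), true)
    );
}
```

When reviewing custom code around a payment module, search for array_search() calls that omit the third argument or whose result is used directly in a condition.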
Impact
Exploitation of this vulnerability could lead to unauthorized access to and control over a target PayPal merchant account, allowing potentially fraudulent transactions or manipulation of account settings.
Remediation
Users can upgrade to PrestaShop Checkout version 4.4.1 for PrestaShop 1.7 or 8, or version 5.0.5 for PrestaShop 1.7, 8, or 9.
