Low severityNVD Advisory· Published Oct 16, 2025· Updated Oct 16, 2025
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice
CVE-2025-61924
Description
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wrong usage of the PHP array_search(). The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
prestashop/ps_checkoutPackagist | < 4.4.1 | 4.4.1 |
prestashop/ps_checkoutPackagist | >= 5.0.0, < 5.0.5 | 5.0.5 |
Affected products
2- Range: < 4.4.1
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-wvpg-4wrh-5889ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-61924ghsaADVISORY
- github.com/PrestaShopCorp/ps_checkout/security/advisories/GHSA-wvpg-4wrh-5889ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.