VYPR

Packagist (Composer) package

sylius/paypal-plugin

pkg:composer/sylius/paypal-plugin

Vulnerabilities (3)

  • CVE-2025-30152MedMar 19, 2025
    affected < 1.6.2fixed 1.6.2

    The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user in

  • CVE-2025-29788MedMar 17, 2025
    affected < 1.6.1fixed 1.6.1

    The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping

  • CVE-2021-41120Oct 5, 2021
    affected >= 1.0.0, < 1.2.4fixed 1.2.4

    sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id (/pay-with-paypal/{id}) and therefore it was easy to predict. The problem is that the Cred