Vulnerability Database

319,561

Total vulnerabilities in the database

CVE-2025-61923

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.

Published: Oct 16, 2025
Updated: Jan 19, 2026
CVE: CVE-2025-61923
GHSA: GHSA-fpxp-pfqm-x54w
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
prestashop / ps_checkout	-	4.4.1
prestashop / ps_checkout	5.0.0	5.0.5
prestashop / prestashop_checkout	-	7.4.4.1
prestashop / prestashop_checkout	7.5.0.1	7.5.0.5
prestashop / prestashop_checkout	8.3.1.0	8.4.4.1
prestashop / prestashop_checkout	8.5.0.0	8.5.0.5
prestashop / prestashop_checkout	9.4.3.1	9.5.0.5

https://github.com/PrestaShopCorp/ps_checkout/security/advisories/GHSA-fpxp-pfqm-x54w

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo