CVE-2025-30152

Good to know:

Date: March 19, 2025

The Sylius PayPal Plugin is the Sylius Core Team's plugin for the PayPal Commerce Platform. Prior to versions 1.6.2, 1.7.2, and 2.0.2, a vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal transaction from a product page or the cart page and then returns to the order summary page, they can still change the cart contents before finalizing the order. As a result, the order amount recorded in Sylius may be higher than the amount actually captured by PayPal, so merchants may deliver products or services without having received full payment. The issue is fixed in versions 1.6.2, 1.7.2, and 2.0.2 and later.
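The flaw described above is a missing consistency check between what PayPal authorized and what the order contains at the moment it is finalized. The following is an added illustration of that check, written for this page; it is not code from the Sylius PayPal Plugin or its actual fix (which ships in the versions listed below). All class and function names (PayPalAuthorization, recordAuthorization, assertOrderMatchesAuthorization) are hypothetical, and the cart lines and authorization id are constructed sample data. Amounts are in minor units (cents).

```php
<?php
declare(strict_types=1);
// Added example (not Sylius code): refuse to finalize an order whose contents
// no longer match what PayPal authorized. Requires PHP 8.1+ (readonly promoted properties).

final class PayPalAuthorization
{
    public function __construct(
        public readonly string $authorizationId, // constructed sample value, not a real PayPal id
        public readonly int $amountMinor,        // amount PayPal authorized, in minor units
        public readonly string $currency,
        public readonly string $cartFingerprint, // hash of the cart at authorization time
    ) {}
}

final class OrderMismatchException extends RuntimeException {}

/** Deterministic fingerprint of the cart lines; sorted by SKU so line order does not matter. */
function cartFingerprint(array $lines): string
{
    usort($lines, fn(array $a, array $b): int => strcmp($a['sku'], $b['sku']));
    $canonical = array_map(
        fn(array $l): string => sprintf('%s:%d:%d', $l['sku'], $l['qty'], $l['unitPriceMinor']),
        $lines
    );
    return hash('sha256', implode('|', $canonical));
}

function cartTotalMinor(array $lines): int
{
    return array_sum(array_map(fn(array $l): int => $l['qty'] * $l['unitPriceMinor'], $lines));
}

/** Record what PayPal authorized together with the cart it was authorized for. */
function recordAuthorization(string $id, string $currency, array $lines): PayPalAuthorization
{
    return new PayPalAuthorization($id, cartTotalMinor($lines), $currency, cartFingerprint($lines));
}

/**
 * Run on the order-summary "complete" step. Throws if the cart changed after
 * authorization: a different currency, a total that differs from the authorized
 * amount, or different line items (a swap that keeps the same total is still rejected).
 */
function assertOrderMatchesAuthorization(array $lines, string $currency, PayPalAuthorization $auth): void
{
    if ($currency !== $auth->currency) {
        throw new OrderMismatchException('currency changed after authorization');
    }
    $total = cartTotalMinor($lines);
    if ($total !== $auth->amountMinor) {
        throw new OrderMismatchException(sprintf(
            'order total %d does not match authorized amount %d', $total, $auth->amountMinor));
    }
    if (!hash_equals($auth->cartFingerprint, cartFingerprint($lines))) {
        throw new OrderMismatchException('cart contents changed after authorization');
    }
}

// --- Constructed sample data ---
$cartAtCheckout = [
    ['sku' => 'MUG-01', 'qty' => 1, 'unitPriceMinor' => 1299],
    ['sku' => 'TEE-05', 'qty' => 2, 'unitPriceMinor' => 2500],
];
$auth = recordAuthorization('AUTH-SAMPLE-0001', 'EUR', $cartAtCheckout); // 6299 authorized

// Cart unchanged between authorization and completion: accepted.
assertOrderMatchesAuthorization($cartAtCheckout, 'EUR', $auth);
echo "unchanged cart: accepted\n";

// Cart edited after returning to the summary page: quantity raised, total now 8799.
$tampered = $cartAtCheckout;
$tampered[1]['qty'] = 3;
try {
    assertOrderMatchesAuthorization($tampered, 'EUR', $auth);
} catch (OrderMismatchException $e) {
    echo "tampered cart: rejected ({$e->getMessage()})\n";
}
```

The fingerprint matters as much as the total: comparing amounts alone would still let a same-price substitution through. In a real integration the authorized amount and currency should be read back from PayPal's order details rather than recomputed locally, so the comparison is against what the processor will actually capture.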

Severity Score

Weakness Type (CWE)

External Control of Assumed-Immutable Web Parameter

CWE-472

Top Fix

Upgrade Version

Upgrade https://github.com/Sylius/PayPalPlugin.git to one of the fixed releases: v1.6.2, v1.7.2, or v2.0.2.

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE