sylius/paypal-plugin Security Advisories for v1.0.0-RC.2 (3)
- [MEDIUM] Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout
  PKSA-wggt-fb9b-c6dj CVE-2025-30152 GHSA-hxg4-65p5-9w37
  Affected version: >=2.0.0,<2.0.2|>=1.7.0,<1.7.2|<1.6.2
  Reported by: GitHub
- [MEDIUM] Sylius PayPal Plugin Payment Amount Manipulation Vulnerability
  PKSA-x2v3-68xs-1jyr CVE-2025-29788 GHSA-pqq3-q84h-pj6x
  Affected version: >=2.0.0,<2.0.1|>=1.7.0,<1.7.1|<1.6.1
  Reported by: GitHub
- [HIGH] Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS
  PKSA-6bcn-hzgg-jmy8 CVE-2021-41120 GHSA-25fx-mxc2-76g7
  Affected version: >=1.3.0,<1.3.1|>=1.0.0,<1.2.4
  Reported by: GitHub