Impact
Missing validation on Express Checkout feature allows silent log-in
Affected versions
The issue was introduced in PrestaShop Checkout 1.3.0 .
All versions above 1.3.0 are vulnerable except of course the patch versions published on 16/10/2025: 7.4.4.1, 8.4.4.1, 7.5.0.5, 8.5.0.5, 9.5.0.5
Patches
The problem has been patched in versions
- v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1)
- v4.4.1 for PrestaShop 8 (build number: 8.4.4.1)
- v5.0.5 for PrestaShop 1.7 (build number: 7.5.0.5)
- v5.0.5 for PrestaShop 8 (build number: 8.5.0.5)
- v5.0.5 for PrestaShop 9 (build number: 9.5.0.5)
Read our Versioning policy to learn more about our build numbers and versions of PrestaShop Checkout
Credits
We would like to thank Léo CUNÉAZ for reporting the issue.
Impact
Missing validation on Express Checkout feature allows silent log-in
Affected versions
The issue was introduced in PrestaShop Checkout 1.3.0 .
All versions above 1.3.0 are vulnerable except of course the patch versions published on 16/10/2025: 7.4.4.1, 8.4.4.1, 7.5.0.5, 8.5.0.5, 9.5.0.5
Patches
The problem has been patched in versions
Read our Versioning policy to learn more about our build numbers and versions of PrestaShop Checkout
Credits
We would like to thank Léo CUNÉAZ for reporting the issue.