Payment Manipulation in Sylius PayPal Plugin by Sylius Core Team
CVE-2025-29788
What is CVE-2025-29788?
A vulnerability exists in the Sylius PayPal Plugin, which allows users to alter the final payment amount during the PayPal Express Checkout process. In versions prior to 1.6.1, 1.7.1, and 2.0.1, modifications made to item quantities in the shopping cart after initiating payment may result in PayPal processing only the initial amount, while Sylius recognizes the order as fully paid based on the altered total. This presents a risk for both accidental and intentional exploitation, potentially leading to financial losses for businesses as customers can underpay their orders. To address this vulnerability, it is recommended to update to the latest versions or modify specific actions within the application.
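
The mismatch described above comes down to one invariant: an order may be marked paid only when the amount the processor captured equals the order's current total. The PHP sketch below is an added illustration, not the plugin's code or its patch; the function names, the flat capture array and the sample values are assumptions constructed for the example, and the order total is assumed to be an integer in minor units (cents).

```php
<?php
declare(strict_types=1);

// Added illustration; every name here is hypothetical, not the plugin's API.

// Convert a decimal string such as "20.00" to integer minor units (2000)
// without floating point, rejecting malformed or over-precise input.
function toMinorUnits(string $decimal, int $exponent = 2): int
{
    if (!preg_match('/\A(\d+)(?:\.(\d+))?\z/', $decimal, $m)) {
        throw new InvalidArgumentException("Malformed amount: {$decimal}");
    }
    $fraction = $m[2] ?? '';
    if (strlen($fraction) > $exponent) {
        throw new InvalidArgumentException("Too many decimal places: {$decimal}");
    }
    return (int) ($m[1] . str_pad($fraction, $exponent, '0'));
}

// True only when the processor captured exactly the order's current total,
// in the order's currency, and the capture itself completed.
function captureCoversOrder(array $capture, int $orderTotal, string $orderCurrency): bool
{
    return ($capture['status'] ?? null) === 'COMPLETED'
        && ($capture['currency'] ?? null) === $orderCurrency
        && toMinorUnits((string) ($capture['value'] ?? '')) === $orderTotal;
}

// Constructed sample: payment was initiated while the cart total was 20.00 USD.
$capture = ['status' => 'COMPLETED', 'currency' => 'USD', 'value' => '20.00'];

// Case 1: cart unchanged after initiation, order total still 2000 minor units.
var_dump(captureCoversOrder($capture, 2000, 'USD'));

// Case 2: quantity raised after initiation, order total now 6000 minor units
// while the capture is still for 20.00.
var_dump(captureCoversOrder($capture, 6000, 'USD'));
```

A capture that fails this comparison should leave the order unpaid and be flagged for review rather than completed.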

