Security advisory > CVE-2023-28843


Which versions are affected by this vulnerability?

If you are on PrestaShop 1.7 or 8+, the vulnerability is not present. Versions 3.12.0 to 3.16.3 of the PayPal Official module are impacted.

The version that fixes the vulnerability is 3.16.4. Version 3.17.0 is also fixed.

How can I verify whether my module is vulnerable?

Reminder: on PrestaShop 1.7 or 8+, the vulnerability is not present.

We have developed a module that detects if the vulnerability is present and can patch the file.

  1. Download the file paypalcvefixer.zip attached to this article.
  2. Install the module in your back office by uploading the ZIP file obtained in the previous step.
  3. Once installed, click on "Configure".
  4. An orange message will appear to indicate that patching is required, or a green message will appear if everything is OK.
  5. Don't forget to remove this "fixer" module after
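
For triaging several shops before installing the fixer on each one, the version ranges stated in this advisory can be checked offline. The script below is an added example, not 202 ecommerce's fixer module: it compares version numbers only and does not inspect or patch any file. It assumes the module's `config.xml` carries `<name>` and `<version>` elements and that the PrestaShop core version is supplied by the caller; the function names and the sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

AFFECTED_MIN = (3, 12, 0)  # first impacted module release per the advisory
AFFECTED_MAX = (3, 16, 3)  # last impacted release; 3.16.4 is the fix
SAFE_CORE_MIN = (1, 7)     # advisory: PrestaShop 1.7 or 8+ is not affected

# Constructed sample of a module config.xml (layout is an assumption).
SAMPLE_CONFIG = """<module>
  <name>paypal</name>
  <displayName><![CDATA[PayPal]]></displayName>
  <version><![CDATA[3.16.3]]></version>
</module>"""


def parse_version(text):
    """Convert '3.16.3' to (3, 16, 3); refuse anything but dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def module_version(config_xml):
    """Read the version of the 'paypal' module from its config.xml text."""
    root = ET.fromstring(config_xml)
    if (root.findtext("name") or "").strip() != "paypal":
        raise ValueError("config.xml does not describe the paypal module")
    return parse_version(root.findtext("version") or "")


def classify(core_version, config_xml):
    """Return a triage status for one shop, from version numbers only."""
    if parse_version(core_version)[:2] >= SAFE_CORE_MIN:
        return "core-not-affected"
    mod = module_version(config_xml)
    mod = mod + (0,) * (3 - len(mod))  # treat '3.16' as '3.16.0'
    if AFFECTED_MIN <= mod <= AFFECTED_MAX:
        return "affected"
    return "outside-affected-range"


if __name__ == "__main__":
    for core in ("1.6.1.24", "8.0.4"):
        print(core, classify(core, SAMPLE_CONFIG))
```

A shop reported as `affected` should still be confirmed with the fixer module or upgraded to 3.16.4 or later.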

Where can I find the technical details of the vulnerability?

For technical details and recommendations:

https://github.com/202ecommerce/paypal/security/advisories/GHSA-66pc-8gh8-mx7m


How to contact the support team?

For any question about the PayPal Official module, please contact our support team by filling in this form.

Credit

The hoster TouchWeb.fr found the vulnerability.
We would like to say thank you.
