Unknown · Prestashop · CVE-2024-41670
**Name of the Vulnerable Software and Affected Versions**
"PayPal Official" module for PrestaShop (module `paypal`), versions prior to 6.4.2
"PayPal Official" module for PrestaShop 1.6, versions prior to 3.18.1
The version numbers refer to the PayPal module, not to PrestaShop core.
**Description**
A logical weakness in the "PayPal Official" module for PrestaShop lets a malicious customer get an order confirmed even though PayPal declined the payment. The flaw sits in the capture step of a payment: when webhooks are disabled, the module relies on a webhook it will never receive to reconcile a declined capture, so the order is validated as if it had been paid. A threat actor can therefore obtain an accepted order backed by a payment that was never collected.
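The following is an added example and not code from the PayPal Official module or from PrestaShop. It simulates the class of weakness described above: an order-confirmation step that marks the order paid as soon as the capture call returns and delegates correction of a declined capture to a webhook, beside a hardened step that derives the order state from the synchronous capture result itself. The response dictionaries are constructed here and only mimic the one field the handlers read (`purchase_units[].payments.captures[].status`, as assumed from PayPal's Orders v2 capture response); the order states `pending`/`paid`/`payment_error` stand in for shop order statuses; the PENDING branch (a capture still clearing) goes beyond the DECLINED case the advisory describes.

```python
"""Added example (not the PayPal Official module's code): why an order must be
confirmed from the capture result, not from the fact that capture() returned,
and why 'a webhook will fix it later' fails when webhooks are disabled."""
from dataclasses import dataclass, field

PENDING, PAID, ERROR = "pending", "paid", "payment_error"  # stand-in order states


@dataclass
class Order:
    cart_id: int
    amount: float
    state: str = PENDING
    history: list = field(default_factory=list)

    def set_state(self, new_state: str) -> None:
        self.state = new_state
        self.history.append(new_state)


def capture_response(status: str) -> dict:
    """Constructed stand-in for a capture response; only the capture status is
    modelled (assumed field path from PayPal Orders v2: purchase_units[].payments.captures[].status)."""
    return {"purchase_units": [{"payments": {"captures": [{"id": "CAP-CONSTRUCTED", "status": status}]}}]}


def capture_statuses(response: dict) -> set:
    """Collect the status of every capture in the response (empty set if none)."""
    units = response.get("purchase_units") or [{}]
    captures = units[0].get("payments", {}).get("captures", [])
    return {c.get("status") for c in captures}


def vulnerable_confirm(order: Order, response: dict, webhooks_enabled: bool) -> str:
    """Weak pattern: validate the order as paid because capture() returned, and
    rely on a later 'capture denied' webhook to undo it. With webhooks disabled a
    DECLINED capture leaves a paid order behind."""
    order.set_state(PAID)
    if webhooks_enabled and "DECLINED" in capture_statuses(response):
        order.set_state(ERROR)  # simulated webhook arriving later and correcting the state
    return order.state


def hardened_confirm(order: Order, response: dict) -> str:
    """Decide the order state from the capture result. Webhooks may refine it
    later (a PENDING capture that settles) but never create the paid state."""
    statuses = capture_statuses(response)
    if statuses == {"COMPLETED"}:
        order.set_state(PAID)
    elif statuses and statuses <= {"PENDING", "COMPLETED"}:
        order.set_state(PENDING)  # e.g. eCheck still clearing: hold the order, do not ship
    else:
        order.set_state(ERROR)  # DECLINED, FAILED, missing or unknown status: not paid
    return order.state


def demo() -> dict:
    """Run both handlers over the interesting capture outcomes and return the states."""
    results = {}
    for status in ("COMPLETED", "DECLINED", "PENDING", "FAILED"):
        for hooks in (True, False):
            results[("vulnerable", status, hooks)] = vulnerable_confirm(
                Order(1, 49.90), capture_response(status), hooks)
        results[("hardened", status)] = hardened_confirm(Order(1, 49.90), capture_response(status))
    return results


if __name__ == "__main__":
    for key, state in sorted(demo().items(), key=str):
        print(key, "->", state)
```

The row to look at is `("vulnerable", "DECLINED", False)`: the weak handler reports `paid` for a declined capture once no webhook is there to correct it, which is exactly the condition the advisory names, while the hardened handler reports `payment_error` regardless of the webhook setting.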
**Recommendations**
For the PayPal Official module on current PrestaShop releases (module versions prior to 6.4.2), update the module to version 6.4.2 or later.
For the PayPal Official module on PrestaShop 1.6 (module versions prior to 3.18.1), update the module to version 3.18.1 or later.
As a temporary mitigation until the module is updated, enable webhooks in the module configuration and verify that PayPal can actually reach the webhook endpoint (for example by confirming that a test event is delivered and accepted), since the webhook is what corrects the order state after a declined capture. This reduces but does not remove the risk; the update is the fix.