PT-2023-19312 · Unknown · Security Plugin+1

High · mstegmeyer · Published 2023-02-03 · Updated 2023-02-15 · CVE-2023-23941

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: SwagPayPal versions prior to 5.4.4

Description: The issue affects JavaScript-based PayPal checkout methods, including PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, and Credit card. When these methods are used, the amount and item list sent to PayPal may not match the ones in the created order.

Recommendations: For versions prior to 5.4.4, update to version 5.4.4 to resolve the issue. As a temporary workaround, consider disabling the JavaScript-based PayPal checkout methods, such as PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, and Credit card, until the update is applied. Alternatively, use the Security Plugin in version 1.0.21 or later as a workaround.

Weakness Enumeration: Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2023-23941
GHSA-VXPM-8HCP-QH27

Affected Products

Security Plugin
Swagpaypal