Packagist/paymenter/paymenter — 4 CVEs

CRITICAL9.9CVE-2025-58048Paymenter vulnerable to Remote Code Execution via public file uploads

from 0, < 1.2.11

MEDIUM5.4CVE-2026-44585Paymenter has broken object level authorization via service reference manipulation on ticket creation

from 0, < 1.5.0

MEDIUM5.3CVE-2026-44583Paymenter has Blind Unauthenticated SSRF on the Paypal gateway module

from 0, < 1.5.0

MEDIUM4.3Paymenter doesn't reset email verification status after email change

from 0, < 1.5.0

pkg:Packagist/paymenter/paymenter