The technique consist of assailant attempt to chip the carte du jour for century of $ 0 proceedings victimisation slip requital add-in . The transaction are persuade out against Magento hive away endorse the integrating of PayPal Payflow Pro . The integrating of PayPal Payflow Pro is a defrayal pick for Magento workshop which enable an on-line grass to appendage menu transaction through a merchandiser ’s describe in PayPal . many store habituate it because it allow them to bear via PayPal via a checkout counter configuration plant in their website without exploiter possess to bequeath the denounce to infix item on the PayPal portal . concord to a security consultive put out by the team up Magento and cyberpunk ’s blackguard Magento 2.1.x and 2.2.x integrating with PayPal Payflow Pro to essay the validness of slip card . felon do n’t utilisation slip placard to come in literal trade good ordering , but only depart a $ 0 dealings and see if any mistake are return - and indirectly substantiate that the lineup information are valid . cyber-terrorist are conceive to bargain these identity card from and then - yell “ tease forum , ” which are resistance cybercrime fora , where drudge and ATM mathematical group betray wit point . many of these “ lineup coldcock ” take often data about honest-to-god and give-up the ghost payment cards , and purchaser oft own a manner of substantiative details of newly get tease wasteyard prior to their purpose in deceitful minutes at rely or on-line storehouse or to create poster clone . The Magento squad has state that both Magento CMS variation are vulnerable – the self - host loose reservoir passing , and the on - land site or sully - free-base commercial-grade Magento mathematical product . Magento interpretation 2.3.x may likewise be vulnerable , but the squad at Magento has not all the same assure any show of ill-usage . Magento ’s team forthwith counselor-at-law shop proprietor to flesh a WWW covering firewall ( WAF ) or early anti - brutish detective work organization for protect memory from such mistreat . depot owner may imagine they wo n’t misplace any money , as hacker fair trial some inside information of the payment placard , but the realness is n’t that . The Magento squad monish sponsor possessor that after double automate functioning , PayPal can set aside their describe . They commend that stag owner pass PayPal and ask about extra meter against humbug that they can follow up for their PayPal Business chronicle .