In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade craftcms/commerce to version 4.11.2, 5.6.5 or higher.
craftcms/commerce is a Craft Commerce
Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the Order::setPaymentAmount process. An attacker can bypass payment validation by submitting a zero or negative value for the paymentAmount parameter, potentially resulting in orders being marked as paid without a valid transaction. This is only exploitable if the store has 'Allow Partial Payment on Checkout' enabled.