[HIGH] Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS

PKSA-6bcn-hzgg-jmy8 CVE-2021-41120 GHSA-25fx-mxc2-76g7

Affected package: sylius/paypal-plugin

Affected version: >=1.3.0,<1.3.1|>=1.0.0,<1.2.4

Reported by:
GitHub