Security concerns

From Memora, the internal wiki


  1. No webhook verificationMollieController.php doesn't verify that webhook calls actually come from Mollie. Anyone could forge a payment confirmation.
  2. Missing auth check on order redirect — The mollie/redirect/{order} route lets anyone view any order's status by guessing the ID.