There’s the exact same vulnerability in the PayPal Express Checkout flow (they will not fix it). Furthermore, tons of other payment-related providers can be vulnerable to the same attack. OAuth1-like flows are based on a request_token/invoice id (for example https://bitpay.com/Invoice?id=INVOICE). This is your token and it’s tied to your Client account. No matter who pays this invoice – you will only need to visit Client-Return-URL?token=TOKEN1 to add funds someone paid.
Source: http://homakov.blogspot.com/2014/01/token-fixation-in-paypal.html
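
The flow described in the quote, as an added example that is not from the original post or from any provider's code: a toy client whose return URL credits the token's owner regardless of who paid, beside a hardened handler. The hardened version assumes a per-payment verifier delivered only in the payer's redirect (modeled on OAuth 1.0a's `oauth_verifier`) plus a check that the returning session owns the token; all class, function and account names are hypothetical.

```python
import hmac
import secrets

class Provider:
    """Toy payment provider, constructed for this example."""
    def __init__(self):
        self.paid = {}  # token -> verifier handed to the payer's browser

    def pay(self, token):
        # The verifier travels only in the redirect of whoever approved payment.
        self.paid[token] = secrets.token_urlsafe(16)
        return self.paid[token]

class Client:
    """Toy merchant ("Client" in the quote) with both return handlers."""
    def __init__(self, provider):
        self.provider, self.owner, self.balance = provider, {}, {}

    def start(self, account):
        token = secrets.token_urlsafe(16)
        self.owner[token] = account  # token is tied to the creating account
        return token

    def _credit(self, token):
        account = self.owner.pop(token)  # single use
        self.balance[account] = self.balance.get(account, 0) + 1
        return True

    def return_vulnerable(self, token):
        # Anyone presenting a paid token triggers the credit to its owner.
        return token in self.owner and token in self.provider.paid and self._credit(token)

    def return_hardened(self, session_account, token, verifier):
        expected = self.provider.paid.get(token)
        if expected is None or self.owner.get(token) != session_account:
            return False  # unpaid, unknown, or started by a different session
        if not hmac.compare_digest(expected, verifier):
            return False  # caller never received the payer's redirect
        return self._credit(token)

def fixation_succeeds(hardened):
    provider = Provider()
    client = Client(provider)
    token = client.start("mallory")   # token created under one account...
    verifier = provider.pay(token)    # ...but paid by "alice" in her browser
    if not hardened:
        return client.return_vulnerable(token)
    return (client.return_hardened("mallory", token, "")          # no verifier
            or client.return_hardened("alice", token, verifier))  # wrong session
```

With both checks in place, the payment can only be completed by the session that both started the token and approved it at the provider.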

