CVE-2025-13114 | macrozheng mall-swarm up to 1.0.3 /cart/update/attr updateAttr improper authorization

Inserito da Angelo Barbosa | Nov 13, 2025 | CVE

A vulnerability classified as critical was found in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization.

This vulnerability is listed as CVE-2025-13114. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13114 | macrozheng mall-swarm up to 1.0.3 /cart/update/attr updateAttr improper authorization

Post correlati

CVE-2025-5301 | OnlyOffice Docs up to 8.3.1 WOPI Protocol cross site scripting

CVE-2024-49279 | TipTopPress Hyperlink Group Block Plugin up to 1.17.5 on WordPress cross site scripting

CVE-2024-36481 | Linux Kernel up to 6.6.32/6.9.3 parse_btf_field stack-based overflow (ad4b202da2c4/4ed468edfeb5/e569eb349702)

CVE-2023-49052 | Microweber 2.0.4 Created Forms cross site scripting