CVE-2025-13116 | macrozheng mall-swarm up to 1.0.3 /order/cancelUserOrder orderId improper authorization

Inserito da Angelo Barbosa | Nov 13, 2025 | CVE

A vulnerability, which was classified as critical, was found in macrozheng mall-swarm up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization.

This vulnerability is registered as CVE-2025-13116. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13116 | macrozheng mall-swarm up to 1.0.3 /order/cancelUserOrder orderId improper authorization

Post correlati

CVE-2025-11915 | Google Vertex AI 2025-09-27 request smuggling (gcp-2025-059)

CVE-2024-34780 | Ivanti EPM 2024/up to 2022 SU5 sql injection

CVE-2025-0224 | Provision-ISR SH-4050A-2 up to 20241220 /server.js information disclosure

CVE-2023-41954 | ProfilePress Plugin up to 4.13.1 on WordPress privileges management