Macrozheng

Products by Macrozheng Sorted by Most Security Vulnerabilities since 2018

Macrozheng Mall Swarm: 6 vulnerabilities

Macrozheng Mall Tiny: 4 vulnerabilities

Macrozheng Mall: 1 vulnerability

By the Year

In 2026 there have been 2 vulnerabilities in Macrozheng with an average score of 6.9 out of ten. Last year, in 2025, Macrozheng had 12 security vulnerabilities published. Right now, Macrozheng is on track to have fewer security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.55.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 2               | 6.90          |
| 2025 | 12              | 5.35          |

It may take a day or so for new Macrozheng vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Macrozheng Security Vulnerabilities

CVE-2026-10070 (May 29, 2026)
Improper Authorization via Super Admin Password Handler in Macrozheng Mall <=1.0.3 (CVE-2026-10070)
A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the GitHub issue for this vulnerability without any explanation. Afterwards the vendor was contacted early about this disclosure via email but did not respond in any way.
Products: Mall

CVE-2026-25858 (Feb 07, 2026)
macrozheng mall-portal v1.0.3: unauth reset via OTP leak in password reset
macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim's telephone number. The password reset flow exposes the one-time password (OTP) directly in the API response and validates password reset requests solely by comparing the provided OTP to a value stored by telephone number, without verifying user identity or ownership of the telephone number. This enables remote account takeover of any user with a known or guessable telephone number.

CVE-2025-15118 (Dec 28, 2025)
Improper auth in MacroZheng Mall Member Endpoint before v1.0.3
A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

CVE-2025-14016 (Dec 04, 2025)
mallswarm 1.0.3 delete /member/readHistory/delete Improper Authorization
A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Products: Mall Swarm

CVE-2025-13443 (Nov 20, 2025)
Macrozheng Mall 1.0.3 Improper Access Control in /member/readHistory/delete
A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used.

CVE-2025-13118 (Nov 13, 2025)
Mall-swarm 1.0.3 Remote Imp. Auth via orderID (paySuccess)
A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Products: Mall Swarm

CVE-2025-13117 (Nov 13, 2025)
Mall-swarm 1.0.3 Improper Auth in cancelOrder (orderId)
A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Products: Mall Swarm

CVE-2025-13116 (Nov 13, 2025)
Unauthorized cancelUserOrder in macrozheng mall-swarm <=1.0.3
A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Products: Mall Swarm

CVE-2025-13115 (Nov 13, 2025)
Improper Auth via orderId in macrozheng mall-swarm up to 1.0.3 Order Details Hdlr
A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Products: Mall Swarm

CVE-2025-13114 (Nov 13, 2025)
Improper Auth in macrozheng mall-swarm 1.0.3 UpdateAttr (Remote)
A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Products: Mall Swarm

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).