Incorrect Authorization
Overview @openclaw/zalouser is an OpenClaw Zalo Personal Account plugin via native zca-js integration Affected versions of this package are vulnerable to Incorrect Authorization through improper access control in the pairing store process. An attacker can gain unauthorized access to another...