Authorization Bypass in Crocoblock JetPopup WordPress plugin through version 2.0.20.1 allows attackers to exploit incorrectly configured access control security levels via user-controlled keys, enabling unauthorized access to protected popup content and functionality. EPSS score of 0.04% indicates low exploitation probability despite the authorization flaw; no public exploit code or active exploitation has been identified.
A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.