
9 matches found

Cvelist
added 5 days ago, 26 views

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

CVSS 9.9, EPSS 0.00364
Exploits: 0, References: 1
Vulnrichment
added 5 days ago, 7 views

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

CVSS 9.9, AI score 5.8, EPSS 0.00364
Exploits: 0, References: 1
CVE
added 5 days ago, 20 views

CVE-2026-47365

CVE-2026-47365 affects WordPress Toolkit (before 6.11.0) as used in cPanel & WHM. An argument injection flaw enables remote authenticated users to bypass cross-tenant authorization and run arbitrary wp-toolkit CLI commands as another account. The description and connected records confirm the affe...

CVSS 9.9, AI score 5.9, EPSS 0.00364
Exploits: 0, References: 1
Positive Technologies
added 2026/05/08 12:00 a.m., 18 views

PT-2026-38675

Name of the Vulnerable Software and Affected Versions cPanel Nova plugin versions prior to 11.136.0.9 cPanel Nova plugin versions prior to 11.136.1.10 WP Squared cPanel Nova plugin versions prior to 11.134.0.25 cPanel Nova plugin versions prior to 11.132.0.31 cPanel Nova plugin versions prior to...

CVSS 8.8, AI score 6.1, EPSS 0.00493
Exploits: 0, References: 31
Imperva Blog
added 2026/04/30 5:38 p.m., 6 views

Imperva Customers Protected Against CVE-2026-41940 in cPanel & WHM

What is CVE-2026-41940? CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr Labs, exists in the login flow and allows unauthenticated remote attackers to gain unauthorized access to...

CVSS 9.8, AI score 6.2, EPSS 0.90543
Exploits: 62
GithubExploit
added 2026/04/30 2:32 p.m., 104 views

Exploit for CVE-2026-41940

SessionScribe - CVE-2026-41940 Detection, mitigation, and rev...

CVSS 9.8, AI score 7.1, EPSS 0.90543
Exploits: 62
Rapid7 Blog
added 2026/04/29 8:00 p.m., 12 views

CVE-2026-41940: cPanel & WHM Authentication Bypass

Overview: On April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In the cPanel release notes, the bug was described as "an issue with session loading and saving." CVE-2026-41940, the identifier subsequently assigned on...

CVSS 9.8, AI score 6.4, EPSS 0.90543
Exploits: 62
BDU FSTEC
added 2024/09/18 12:00 a.m., 2 views

The vulnerability of the backup and data restoration plugins on Acronis Backup software for computers and servers targets programming environments such as cPanel & WHM, Plesk, and DirectAdmin, running on Linux operating systems. This vulnerability allows attackers to gain increased privileges.

The vulnerability of the backup and data restoration plugins on Acronis Backup software for computers and servers, as well as for cPanel & WHM, Plesk, and DirectAdmin operating systems on Linux, is related to errors in privilege management. Exploiting this vulnerability can allow attackers to...

CVSS 9.9, AI score 7.8, EPSS 0.00479
Exploits: 0, References: 2
exploitpack
added 2010/01/21 12:00 a.m., 20 views

cPanel and WHM 11.25 - failurl HTTP Response Splitting

cPanel and WHM 11.25 - failurl HTTP Response Splitting source: https://www.securityfocus.com/bid/37902/info cPanel and WHM is prone to an HTTP response-splitting vulnerability. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This...

AI score 7.4
Exploits: 0