WebPros WHMCS 安全漏洞

WebPros WHMCS is a customer management and automated billing platform provided by the Swiss company WebPros, aimed at hosting providers and domain service providers. There is a security vulnerability in WebPros WHMCS, which stems from insufficient ownership checks in the clientarea.php file. This...

WebPros Comet Backup 安全漏洞

WebPros Comet Backup is a data backup and recovery platform developed by the Swiss company WebPros. Versions 20.11.0 to 26.1.1, and 26.2.1 of WebPros Comet Backup contain security vulnerabilities. These vulnerabilities stem from insecure direct object references, allowing tenant administrators to...

WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability

WebPros cPanel & WHM WebHost Manager and WP2 WordPress Squared contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

WebPros WordPress Toolkit security vulnerabilities

The WebPros WordPress Toolkit is a WordPress management platform provided by the Swiss company WebPros. Versions of the WebPros WordPress Toolkit prior to 6.9.1 contained security vulnerabilities; these vulnerabilities were caused by issues with the WordPress directory names, which could lead to...

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

PT-2026-4274

Name of the Vulnerable Software and Affected Versions WordPress Toolkit versions prior to 6.9.1 Description A flaw exists in WordPress directory names within WebPros WordPress Toolkit that can lead to privilege escalation. The issue involves manipulation of directory names. Recommendations Update...

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

CVE-2025-66428

Summary: CVE-2025-66428 affects WebPros WordPress Toolkit prior to 6.9.1. The flaw arises from manipulation of WordPress directory names, enabling privilege escalation. The reported impact is high (CVSS v3.1: 8.8; network attack, low complexity, user interaction none; privileges required low). Re...