Cpanel Whm
Monthly
Authentication bypass in cPanel & WHM allows unauthenticated remote attackers to gain unauthorized access to the control panel by exploiting a flaw in the login flow. The vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, an EPSS score of 16.52% (95th percentile), and affects multiple long-term support branches of cPanel & WHM as well as WP Squared. Given that cPanel administers shared hosting environments, successful exploitation typically grants attackers control over many downstream customer sites.
Authentication bypass in cPanel & WHM allows unauthenticated remote attackers to gain unauthorized access to the control panel by exploiting a flaw in the login flow. The vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, an EPSS score of 16.52% (95th percentile), and affects multiple long-term support branches of cPanel & WHM as well as WP Squared. Given that cPanel administers shared hosting environments, successful exploitation typically grants attackers control over many downstream customer sites.