Skip to main content

Wordpress Toolkit

1 CVEs product

Monthly

CVE-2026-47365 CRITICAL PATCH Act Now

Cross-tenant privilege escalation in WebPros WordPress Toolkit prior to 6.11.0 (as bundled with cPanel & WHM) allows an authenticated low-privilege account holder to inject arguments into the wp-toolkit CLI and execute commands in the context of another tenant on the same shared server. With a CVSS of 9.9 and scope change, a single compromised hosting account can pivot to siblings on the same host. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

WordPress Authentication Bypass Wordpress Toolkit
NVD VulDB
CVSS 3.1
9.9
EPSS
0.1%
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Cross-tenant privilege escalation in WebPros WordPress Toolkit prior to 6.11.0 (as bundled with cPanel & WHM) allows an authenticated low-privilege account holder to inject arguments into the wp-toolkit CLI and execute commands in the context of another tenant on the same shared server. With a CVSS of 9.9 and scope change, a single compromised hosting account can pivot to siblings on the same host. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

WordPress Authentication Bypass Wordpress Toolkit
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy