CVE-2026-47365
Status: Awaiting Analysis - Queue

WordPress Toolkit Argument Injection in cPanel & WHM

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: HackerOne

Description

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account.

Meta Information

Published: 2026-06-12
Last Modified: 2026-06-12
Generated: 2026-07-02
AI Q&A: 2026-06-12
EPSS Evaluated: 2026-07-01

Affected Vendors & Products

Showing 1 associated CPE

Vendor: wp_toolkit
Product: wp_toolkit
Version / Range: to 6.11.0 (exc)

Exploitability

CWE

CWE ID: CWE-88
Description: The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

Executive Summary

CVE-2026-47365 is an argument injection vulnerability in WP Toolkit versions before 6.11.0 when used in cPanel & WHM environments.

This flaw allows remote authenticated users to bypass cross-tenant authorization controls and execute arbitrary WP Toolkit CLI commands with the privileges of another account.

Essentially, an attacker who is authenticated can perform actions as if they were another user, potentially compromising other tenants on the same server.

Impact Analysis

This vulnerability can have severe impacts on affected systems.

  • Remote authenticated attackers can bypass authorization boundaries between tenants.
  • Attackers can execute arbitrary WP Toolkit CLI commands as another user, potentially leading to unauthorized access or control over other accounts.
  • This can result in data compromise, service disruption, or further exploitation within a multi-tenant cPanel server environment.

To mitigate these risks, it is critical to update WP Toolkit to version 6.11.0 or later.

Mitigation Strategies

To mitigate the risk of CVE-2026-47365, administrators must update WP Toolkit to version 6.11.0 or later.

The recommended update command for root users is:

  • # /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --version 6.11.0

If the above command fails, an alternative method is to run:

  • # bash <(curl https://wp-toolkit.plesk.com/cPanel/installer.sh || wget -O - https://wp-toolkit.plesk.com/cPanel/installer.sh ) --version 6.11.0

Compliance Impact

The vulnerability allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary commands as another account, which can lead to unauthorized access and control over data belonging to other tenants.

Such unauthorized access and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over data access and protection of personal and sensitive information.

Therefore, if exploited, this vulnerability could result in violations of these regulations due to compromised confidentiality, integrity, and availability of data.

Detection Guidance

The provided resources do not include specific commands or methods to detect the CVE-2026-47365 vulnerability on your network or system.

However, it is known that this vulnerability affects WP Toolkit versions prior to 6.11.0 used in cPanel & WHM environments.

To check whether your system is vulnerable, verify the installed WP Toolkit version on your server.

  • Check the WP Toolkit version installed, for example by running: `/usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit --version`

If the version is older than 6.11.0, your system is vulnerable and should be updated.
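
The version check above can be scripted. The following is an added example, not code from this report or from the WP Toolkit project. It assumes the output of `--version` contains a dotted version number; the function names are hypothetical. Components are compared numerically because a plain string comparison would rank 6.9.x above 6.11.0.

```shell
#!/bin/sh
# Added example: classify a WP Toolkit version against the fixed release.
WPTK_BIN="/usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit"  # path from the page
WPTK_FIXED="6.11.0"                                              # fixed version from the page

# Pull the first dotted numeric version (e.g. 6.9.2) out of arbitrary text.
# The exact --version output format is an assumption, so parse defensively.
wptk_extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# Return 0 if version $1 >= version $2, comparing each component as a number.
version_ge() {
    vg_a=$1; vg_b=$2
    while [ -n "$vg_a" ] || [ -n "$vg_b" ]; do
        vg_x=${vg_a%%.*}; vg_y=${vg_b%%.*}
        # Drop the component just read; an exhausted side counts as 0.
        case $vg_a in *.*) vg_a=${vg_a#*.} ;; *) vg_a= ;; esac
        case $vg_b in *.*) vg_b=${vg_b#*.} ;; *) vg_b= ;; esac
        vg_x=${vg_x:-0}; vg_y=${vg_y:-0}
        if [ "$vg_x" -gt "$vg_y" ]; then return 0; fi
        if [ "$vg_x" -lt "$vg_y" ]; then return 1; fi
    done
    return 0
}

# Print "patched", "vulnerable" or "unknown" for a raw version string.
wptk_classify() {
    wc_v=$(wptk_extract_version "$1") || wc_v=""
    if [ -z "$wc_v" ]; then
        echo "unknown"
    elif version_ge "$wc_v" "$WPTK_FIXED"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Query the local install; "unknown" if the binary is missing or silent.
wptk_check_local() {
    if [ ! -x "$WPTK_BIN" ]; then
        echo "unknown"
        return 0
    fi
    wptk_classify "$("$WPTK_BIN" --version 2>/dev/null)"
}
```

Source the file and call `wptk_check_local` as root on the cPanel server; treat an "unknown" result as unverified, not as safe.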
