← Back to Intel Feed
Secure route: /intel/cve-2026-41940-webpros-cpanel-whm-and-wp2-wordpress-squared
criticalCVE-2026-419402026-04-30Vector: appsec

CVE-2026-41940: WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability

Cyberttak is tracking CVE-2026-41940 in WebPros cPanel & WHM and WP2 (WordPress Squared), a CISA Known Exploited Vulnerability added on 2026-04-30 with CVSS 9.3 and EPSS 98.1%. The advisory highlights exposed assets, patch urgency, and practical defensive checks for GCC and MENA security teams.

Decision Context

English Brief

Cyberttak is tracking CVE-2026-41940 in WebPros cPanel & WHM and WP2 (WordPress Squared), a CISA Known Exploited Vulnerability added on 2026-04-30 with CVSS 9.3 and EPSS 98.1%. The advisory highlights exposed assets, patch urgency, and practical defensive checks for GCC and MENA security teams.

الموجز العربي

CVE-2026-41940: تنبيه استغلال في WebPros cPanel & WHM and WP2 (WordPress Squared)

تتابع سايبرتاك CVE-2026-41940 في WebPros cPanel & WHM and WP2 (WordPress Squared) كثغرة مدرجة في كتالوج CISA للثغرات المستغلة منذ 2026-04-30 بدرجة CVSS 9.3 واحتمالية EPSS 98.1%. يركز هذا التنبيه على الأصول المكشوفة وأولوية التصحيح وفحوصات دفاعية مناسبة لفرق الخليج ومينا.

Affected Products
  • WebPros cPanel & WHM and WP2 (WordPress Squared)
Priority sectors
EnterpriseGovernment
Immediate Actions
  1. 1Inventory affected WebPros cPanel & WHM and WP2 (WordPress Squared) deployments.
  2. 2Apply vendor patches or mitigations referenced by CISA.
  3. 3Prioritize internet-facing and privileged deployments before lower-risk assets.
CVE-2026-41940: WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability | Cyberttak