Wp Squared CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (7 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-29203	1 Webpros	3 Cpanel, Cpanel (centos 6, Cloudlinux 6), Wp Squared	2026-05-15	8.8 High
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home directory.
CVE-2026-32991	2 Webpros, Wordpress	4 Cpanel, Cpanel (cloudlinux 6, Centos 6), Wp Squared and 1 more	2026-05-14	7.1 High
Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account.
CVE-2026-29206	1 Webpros	3 Cpanel, Cpanel (cloudlinux 6, Centos 6), Wp Squared	2026-05-14	8.1 High
Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.
CVE-2026-29205	2 Webpros, Wordpress	3 Cpanel, Wp Squared, Wordpress	2026-05-14	8.6 High
Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.
CVE-2026-32992	1 Webpros	2 Cpanel, Wp Squared	2026-05-14	8.2 High
SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.
CVE-2026-32993	1 Webpros	2 Cpanel, Wp Squared	2026-05-14	8.3 High
Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response.
CVE-2026-29201	1 Webpros	3 Cpanel, Cpanel (centos 6, Cloudlinux 6), Wp Squared	2026-05-13	8.6 High
Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.

Page 1 of 1.