Default status: unaffected
11.136.0.0 (semver) before 11.136.0.9: affected
11.134.0.0 (semver) before 11.134.0.25: affected
11.132.0.0 (semver) before 11.132.0.31: affected
11.130.0.0 (semver) before 11.130.0.22: affected
11.126.0.0 (semver) before 11.126.0.58: affected
11.124.0.0 (semver) before 11.124.0.37: affected
11.118.0.0 (semver) before 11.118.0.66: affected
11.110.0.0 (semver) before 11.110.0.116: affected
11.110.0.0 (semver) before 11.110.0.117: affected
11.102.0.0 (semver) before 11.102.0.41: affected
11.94.0.0 (semver) before 11.94.0.30: affected
11.86.0.0 (semver) before 11.86.0.43: affected
Default status: unaffected
11.110.0.0 (semver) before 11.110.0.114: affected
Default status: unaffected
11.136.1.0 (semver) before 11.136.1.10: affected
Description
Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user.
Problem types
CWE-20 Improper Input Validation
Product status
11.136.0.0 (semver) before 11.136.0.9
11.134.0.0 (semver) before 11.134.0.25
11.132.0.0 (semver) before 11.132.0.31
11.130.0.0 (semver) before 11.130.0.22
11.126.0.0 (semver) before 11.126.0.58
11.124.0.0 (semver) before 11.124.0.37
11.118.0.0 (semver) before 11.118.0.66
11.110.0.0 (semver) before 11.110.0.116
11.110.0.0 (semver) before 11.110.0.117
11.102.0.0 (semver) before 11.102.0.41
11.94.0.0 (semver) before 11.94.0.30
11.86.0.0 (semver) before 11.86.0.43
11.110.0.0 (semver) before 11.110.0.114
11.136.1.0 (semver) before 11.136.1.10
References
support.cpanel.net/...el-WHM-WP2-Security-Update-May-08-2026