Size Proxmox VE hardware for general VMs and WHM/cPanel hosting VMs with CPU, RAM, NVMe, ZFS, Ceph, network, backup, inode, and customer-isolation planning.
PHP 8.5.6, 8.4.21, 8.3.31, and 8.2.31 are security releases. Use this hosting checklist for cPanel, Plesk, WordPress, WooCommerce, and PHP-FPM updates.
Updated June 2: cPanel & WHM v136 now includes 136.0.18/136.0.19 fixes for Exim, Template Toolkit, Roundcube, AlmaLinux 10 MySQL Tools, and 2FA login loops.
CISA added LiteSpeed cPanel Plugin CVE-2026-54420 to KEV. Hosting admins should confirm cPanel user-end plugin 2.4.8 and LiteSpeed WHM Plugin 5.3.2.1 or newer.
Update WHMCS 8.13 LTS to 8.13.3 or WHMCS 9.0 to 9.0.4 for CVE-2026-29204, then verify billing, support, provisioning, and hosting modules.
Patch cPanel & WHM and WP Squared for the May 13, 2026 five-CVE security update with safe commands, DNS cluster checks, and hosting-provider verification.
Patch PHP SOAP CVE-2026-6722 on WHM/cPanel, Linux, and container hosting servers. Includes safe version checks, restart steps, and customer guidance.
CVE-2026-6433 affects the Custom css-js-php WordPress plugin through 2.0.7. No known fix is listed, so disable or remove it and review affected sites.
A practical cPanel WordPress hosting security checklist covering malware scanning/removal, firewall coverage, backups, restore help, and safe admin checks.
Dirty Frag CVE-2026-43284 is a Linux kernel local privilege-escalation risk for hosting, container, and Proxmox servers. Patch, mitigate, and verify safely.
