Skip to main content

Imunify Notification: "5 more vulnerabilities found" — where can I see them?

tui

Hello,

I recently received the following system notification sent to the administrator email on my cPanel server:

Dear Administrator,

We are reaching out to you to keep you informed on security threats.

The list below shows vulnerable software that has been detected in your environment:

* WordPress 3.6 /home2/acc1/public_html
* WordPress 5.4.11 /home3/acc2/public_html/folderx
* WordPress 4.9.25 /home3/acc3/public_html
* WordPress 5.5.11 /home2/acc4/public_html
* WordPress 5.0.16 /home3/acc2/public_html/new
5 more vulnerabilities found.

We urge you to take action immediately.

* Option 1: Contact the WordPress administrator(s) responsible for these websites to convey the urgency of installing the recommended updates.
* Option 2: Upgrade from ImunifyAV to Imunify360 to mitigate the server-wide risk that all unpatched and undiscovered vulnerabilities carry.

Should you have any questions, please reach out to our support team.

Faithfully,
Your Imunify360 Security Team

Manage subscriptions[IMAGE]

The system generated this notice on Wednesday, September 24, 2025 at 6:00:36 PM UTC.

“Imunify::Generic” notifications are currently configured to have an importance of “High”. You can change the importance or disable this type of notification in WHM’s Contact Manager at: https://server.hostname.com:2087/scripts2/editcontact?event=Application

Do not reply to this automated message.
cP Copyright© 2025
cPanel, L.L.C.

 

I understand that:

  • This alert is generated by Imunify (not cPanel directly).

  • The message is not saying the server is already compromised, but that outdated/vulnerable software versions were found.

  • Imunify is integrated into the cPanel notification system, and at the end of the email it suggests disabling the notification if I don’t want it.

Personally, I find this feature useful, since it allows me to notify my users and ask them to update their WordPress installations (or other software that appears in these reports).

However, my question is specifically about the line:

“5 more vulnerabilities found.”

When I log into the server to check, I cannot find any panel or section that shows what those additional 5 vulnerabilities are. Imunify only shows results for malware scans, but nowhere can I see this “vulnerability scan” or details of these extra findings.

Where are those additional vulnerabilities supposed to be displayed?
Is there a separate log or section in Imunify (or cPanel) where I can review them?

Thanks in advance for any clarification.

Comments

2 comments

Date Votes
  • cPRex Jurassic Moderator

    Hey there!  I spoke with the Imunify team about this issue and they confirmed there is no way to see these vulnerabilities:

    "This specific notification is generated based purely on the detected WordPress version + public info (like https://api.wordpress.org/core/stable-check/1.0/).  We don't save the "list of vulnerable installations" in the DB, and it is not reflected in logs."

    so there's no way to get the exact data.

    They did let me know they are working on a newer version of the tool that will have a detailed report accessible through the command line and the user interface, but it's still being worked on.

    I'm sorry I don't have better news on this one for you.

    0
  • tui

    Hi agan cPRex, 


    Thanks for clarifying this. It’s actually helpful to know that there isn’t a way to see the list, so I can stop spending time trying to find something that doesn’t exist. And knowing that a newer version of the tool will include a detailed report is good news — that’s exactly the kind of information I was hoping to get when I saw those notifications 

    1

Please sign in to leave a comment.

Didn't find what you were looking for?

New post