WP Toolkit Site vulnerabilities email notification issues
Howdy!
The information provided in the “WPT::VulnerabilityFound” email notification has recently changed, and is not as helpful as it once was.
1) It used to list which individual sites were affected.
2) The link to see which sites are affected (e.g. "on 4 sites") goes to the URL https://myserver.com:2087/?goto_uri=/cgi/wp-toolkit/index.cgi#/list/checkSecurity/1/instancesIds/1,6,14,15/activeTab/vulnerable-components but all this does is prompt a new WHM session and send you to the main WHM page.
3) It also used to give more info about the specific vulnerability in the email. This one is not quite as important, but it was helpful.
In short, the notification now just tells you there is a vulnerability. It doesn't tell you where it is.
Thanks!

-
Hey hey! I reached out to the WP Toolkit team and they are aware of this issue and plan to adjust the email notifications in the next major release!
-
Hey cPRex! Excellent. Thank you!
-
You're welcome!
-
Thanks for this info. I received a similar notification today and I was confused. The email claimed I had a vulnerable plugin that I could not locate anywhere on the server. I do, however, have another plugin that refers to the vulnerable plugin (if exists (vul_plugin) {extend vul_plugin}), which made me think -- does WP Toolkit scan the code and not just the plugin folders to find potentially vulnerable plugins?
-
CBAWS - I'm not sure on that one, and since it's related to how they perform security options it's not something they would release publicly, most likely.