well, any accounts running outdated workloads (could be anything LAMP-flavored) could be attack vectors, with the entire shared machine possibly compromised by any weak account due to these latest LPEs
these cPanel machines frequently run 4- or low-5-figure quantities of customer accounts, each with potentially multiple domains or CMS deployments, and not always the most technically-engaged customer base, so that's a lot of surface area to account for: how diligent can hosts realistically be about every WordPress plugin, every Drupal or Magento module, and so on?
(nb I don't like shared hosting and am not defending it, just addressing the reality of the long tail)
these cPanel machines frequently run 4- or low-5-figure quantities of customer accounts, each with potentially multiple domains or CMS deployments, and not always the most technically-engaged customer base, so that's a lot of surface area to account for: how diligent can hosts realistically be about every WordPress plugin, every Drupal or Magento module, and so on?
(nb I don't like shared hosting and am not defending it, just addressing the reality of the long tail)