Ever notice that email remains active when you suspend an account? The danger here is that cPanel allows email to be forwarded to a script. Therefore, if a forwarder is set to a malicious script this can be triggered, even after the account has been suspended. For example a forwarder to a reverse shell. Luckily there is an easy way to block this.

Source: LXer – Unpatched cPanel Vulnerability – How to Protect Your Server From It