Back to Blog Posts

Security Update 2025-06-03

By Chen / June 3rd, 2025

Today we have released updates for all actively supported and long-term support (LTS) versions of WHMCS, namely v8.13, v8.12, and v8.11. These updates resolve a number of security vulnerabilities that have been identified as affecting all currently supported versions of WHMCS.

The majority of these vulnerabilities were discovered through routine internal security audits, while others were reported through our Security Bounty Program.

In order to safeguard users who have not yet updated to the latest version, we are deliberately limiting the disclosure of specific technical details at this time.

No updates will be issued for versions prior to v8.11.

What should you do next?
You should update WHMCS, either manually or using the Automatic Updater, as soon as possible. We recommend using the Automatic Updater and upgrading to the Latest Stable Version (8.13.1).

Update Instructions:
Automatic Update: You can update automatically using the Automatic Updater. Simply navigate to Utilities > Update WHMCS to begin the update process.
The automatic updater allows you to upgrade to the latest maintenance release for your current version by choosing "Current Version" in the Update Settings Update Tier selection.

Manual Update: As always, manual downloads are also being made available for those who wish to upgrade manually. You can download both the release and incremental versions from the Download page.
As always you may reference our article on updating for more in-depth step-by-step guidance.

What is included in the update?
The update resolves multiple security vulnerabilities, most notably XSS and CSRF. Changelogs have been provided for the respective versions with redacted titles:

8.13.1 Changelog
8.12.2 Changelog
8.11.3 Changelog
Need Help?
If you have any issues updating your WHMCS installation or applying the patch, you can contact our support team at https://www.whmcs.com/submit-a-ticket.

Liked this article? Share it