We have released a new order functions file for WHMCS V3.1.2 to fix an issue that can allow a malicious user to submit an order for a product using the free billing cycle even if not available for that product, thereby resulting in a zero amount being due. The issue does not pose any risk to your system as the account will still remain in a pending state despite being submitted as free, but the issue should be patched to prevent the orders from being placed.

The updated file can be downloaded from www.whmcs.com/support/dl.php?type=d&id=14 and should be uploaded to the includes folder of your WHMCS installation.

Thank you for choosing WHMCS!

Matt