Security Alert

We are aware that WHMCS customers may have received ransom notices. These notices claim data exfiltration that have occurred in different ways. The notice names the following businesses as their...

Read more »

By Matt

Security Update 2023-06-20

An important payment assertion issue and an XSS security issue have been identified that affect all versions of WHMCS. We have published new releases for active and LTS versions of WHMCS (v8.7 and...

Read more »

By David

Security Update 2022-11-30

A security issue has been identified that affects versions 8.5 and 8.6 of WHMCS. As a result, we have published new releases of WHMCS 8.5 and 8.6. All earlier versions of WHMCS are unaffected. ...

Read more »

By David

Security Update 2021-02-26

A security issue has been identified that affects all versions of WHMCS. As a result, we have published new releases for all actively supported versions of WHMCS as well as a patch which can be...

Read more »

By Matt

Security Advisory 2020-01-28

Hello, We are writing to advise you of a potential security vulnerability when htaccess directives are not enforced appropriately for WHMCS. This most commonly occurs in web server environments such...

Read more »

By Matt

Maintenance Releases for 7.5 and 7.6

Today we have released maintenance updates for the 7.5 and 7.6 series of WHMCS as well as promoted WHMCS 7.7 to General Availability. The 7.5 and 7.6 releases address usability and bug fix...

Read more »

By Matt

Security Patch Released for 7.3, 7.4 and 7.5

Four potential security issues have been identified in WHMCS 7.5 and earlier. It is recommended that you apply this patch as soon as possible. The issues resolved include: - Project permissions...

Read more »

By David

PHPMailer Security Advisory

Exploit type: Remote Code Execution in third-party PHPMailer libraryCVE Numbers: CVE-2016-10033 and CVE-2016-10045 Description All versions of the third-party PHPMailer library distributed with WHMCS...

Read more »

By Matt

Disclosure for Patch Issued 2016-08-02

On August 2nd, 2016 we issued a security patch for the v6 series - https://blog.whmcs.com/?t=116515. The following discloses the related security concern reported through our Security Bounty...

Read more »

By Matt