WHMCS Security Issue : 26 Feb 2021
A security issue has been identified that affects all versions of WHMCS.
As a result, we have published new releases for all actively supported versions of WHMCS as well as a patch which can be applied to EOL versions 7.7, 7.8 and 7.9. Patches will not be released for any earlier versions of WHMCS.
The issue was reported via our Security Bounty Program and there is no evidence to suggest it is known publicly. We will not be releasing any further details about the issue at this time.
What should I do?
Users of WHMCS 7.10, 8.0 or 8.1 can upgrade to resolve the issue either manually or using the Automatic Updater. We recommend using the Automatic Updater.
Users of WHMCS 7.7, 7.8 and 7.9 can download and apply the patch which has been made available.
Users of WHMCS 7.6 and earlier are recommended to update to WHMCS 7.10 or later.
It is recommended that you upgrade or apply the appropriate patch as soon as possible.
Automatic Update Steps [for users of 7.10, 8.0 and 8.1]
1. Login to your WHMCS Admin Area
2. Navigate to Utilities > Update WHMCS
3. Click Configure Update Settings
4. Select the 'Current Version' Update Channel, then hit Save Changes
5. Click Check Now to check for updates
6. When the check completes, click the Update Now button and follow the wizard based steps
Manual Update Steps [for users of 7.10, 8.0 and 8.1]
1. Visit https://download.whmcs.com/
2. If you are running the immediately preceding version, you can update using the Incremental Patch Set. Select this tab and then choose the appropriate patch for your given version.
3. If you are running any earlier version of WHMCS, you will need to download and update using the full release package for your desired version.
4. Once you have downloaded the appropriate update file, follow the steps within the Readme file to perform the update process.
Patch Steps [for users of 7.7, 7.8 and 7.9]
1. Download the patch here: https://www.whmcs.com/download/1505/security_patch_77_78_79_2021-02-26.zip
2. Extract the files from the zip folder download
3. Upload the files to the root directory of your WHMCS installation to complete the process
(NOTE: Since this is a patch level update only, there will be no visible change in version number reflected within your WHMCS installation)