WHMCS Security Patch for versions 7.3, 7.4 and 7.5

NOTE: This article is in relation to the third-party software WHMCS that some of our reseller clients may have installed onto their service with us. This is not in connection to any of our services.

It has been brought to our attention that WHMCS has identified four potential security issues within WHMCS 7.3, 7.4 and 7.5. The WHMCS development team have stated that they’d recommend you apply the latest patch as soon as possible.

The issues resolved within the latest patch for WHMCS include:

- Project permissions within the Project Management addon

- Potential XSS on admin homepage

- Improper client password reset logic

- Improper admin access to remote servers via WHMCS Connect

Backing up your files and database

Before beginning the update to apply the patch, please ensure you have a backup of your files and database just in case. This is highly recommended as should the update process go wrong, you may always revert and go back to the latest version of your site.

If you are using cPanel, you may create a full cPanel backup file within your cPanel account directly. To do this, please navigate to the Files section of your cPanel account, click on Backup à Download a Full Website Backup and generate. The full cPanel backup file will be for your whole account backing up the files, database, emails etc.

If you aren’t using cPanel, you will need to unfortunately create a ZIP of your website files and export the database from your database management portal i.e. PHPMyAdmin.

Performing the update

There are two methods in which you may use to update your WHMCS installation. You may update this manually or using the latest Automatic Updater provided by WHMCS – this is up to you.

Using the Automatic Updater

The easiest way to update WHMCS would be through their Automatic Updater (this feature is available in version 7.0 and higher). The automatic updater allows you to update the WHMCS easily through just a few clicks!

To perform the update please navigate to your WHMCS admin portal. Once you are in the admin portal please go to Utilities à Update WHMCS. On this page, after you have pressed Check Now for the latest update, please press Update Now.

Once you have pressed Update Now, the update process will commence, and you will be guided through the process. The update process can take from 30 seconds to a few minutes dependent on the size of your installation.

Manually Updating WHMCS

Alternatively, if you’d prefer to manually update your WHMCS system after backing this up – that’s not a problem.

Step 1 – Please download the WHMCS files for the update here

Step 2 – Upload all the files found within the ZIP file to the root of your WHMCS directory overwriting any existing files

Step 3 – Navigate to your WHMCS installation URL – this will be in the format of yourdomain.com/install.php (dependent on where your WHMCS installation is located)

Step 4 – Follow the instructions on screen to finish the update.

Release Notes

Version 7.3 - https://docs.whmcs.com/Version_7.3.1_Release_Notes

Version 7.4 - https://docs.whmcs.com/Version_7.4.3_Release_Notes

Version 7.5 - https://docs.whmcs.com/Version_7.5.2_Release_Notes