WHMCS Security Update v5.2.16
WHMCS has released a security update for all supported versions of WHMCS. Currently WHMCS 5.2.x is supported, and the new release is WHMCS v5.2.16. This security update was released to address a few security concerns within WHMCS.
The following issues were addressed in WHMCS security update v5.2.16:
Case #2557 – 2Checkout Gateway: Update to currency variable
Case #2623 – Fix calculations of promotions when more than 50% off
Case #2739 – Add TLD Specific Fields required for .CN domain registrations
Case #2874 – Authorize.net Echeck: Fix capture function behaving incorrectly
Case #3019 – Refine internal criteria for bulk domain lookup
Case #3030 – Resolve SQL error in Income by Product Report
Case #3086 – Nominet Registrar: Update to Contact Registration Logic for Individuals
Case #3116 – Required Custom Fields not validating correctly when using API
Case #3360 – Resolved issue where one time promotions could be treated as recurring
Case #3360 – Disable Recur For input box when Recurring is disabled
Case #3361 – Fix time limited recurring promotions calculating incorrectly
Case #3388 – Fix Invalid Token Error when applying credit in Original and Portal Client Templates
Case #3414 – Payflow Pro: Update to store PayFlow Reference in PayFlow Mode
Case #3617 – Do not CC password reset emails to sub-accounts
Case #3740 – ProtX VSP Form: Pass correct callback values to debug log
Case #3801 – Resolved PDF Quotes missing clients name/address
Case #3802 – Make a quantity of zero remove item from the cart
Case #3809 – Regular Expression Custom Field Validation failing on single quotes
Case #3811 – Resolve Invalid Token error when deleting recurring calendar entry
Case #3814 – Improvements to IPv6 detection and validation logic
Case #3862 – NameCheap Registrar: Fix incorrect function name call
Case #3864 – Authorize.net Echeck: Fix storage of bank account details
Case #3893 – Enom SSL Module: Fix Province is Required Error Message
Case #3922 – PayPal Express: Remove auto-login from Express Checkout Module
Apart from the above, they addressed the following security issues:
Case #3637 – Improve Access Controls in Project Management Addon
Case #3782 – Improve Access Controls in Tickets
Case #3783 – Improve Access Controls in Invoices
Case #3784 – Resolve Admin Area SQL Injection Vulnerability
Case #3839 – Resolve Potential XSS Vulnerability
Case #3841 – Resolve Potential XSS Vulnerability
Case #3842 – Resolve Potential XSS Vulnerability
Case #3843 – Resolve Potential XSS Vulnerability
Case #3846 – Improve Access Controls in Tickets
Case #3922 – PayPal Express Checkout Improve Validation
Case #3931 – Potential header injection via whois lookups
Case #3932 – Improve sanitization for whois query
They have not released complete information about the security issues, but they may release it once sufficient time has passed. It is highly recommended that you upgrade your WHMCS to WHMCS v5.2.16 immediately.
If you are using WHMCS v5.2.15, you can use their patch set version. If you are using a version earlier than v5.2.15, you will have to use their full upgrade. If you have any questions about the WHMCS upgrade, you can refer to our article Upgrade WHMCS.