This week, WHMCS released a security patch for all versions of WHMCS V6.x after an ethical programmer disclosed to them details of an SQL Injection Vulnerability present in their current WHMCS releases.
Through their blog, they stated that the potential of the threat was likely to reduce if customers followed certain security steps, but not entirely avoided. Therefore, as an attempt to address the issue, WHMCS released an immediate patch before the details of the threat became widely known.
They also stated that if any further issues came to light, they would release patches for the same.