Security Advisory and Patch from WHMCS For 7.3, 7.4 and 7.5

Make sure all providers and resellers using WHMCS have patched your WHMCS installed due to below security advisory for WHMCS:

================================================
WHMCS Security Patch Released for 7.3, 7.4 and 7.5
https://blog.whmcs.com/133497/security-patch-released-for-73-74-and-75
================================================

Four potential security issues have been identified in WHMCS 7.5 and earlier.
It is recommended that you apply this patch as soon as possible.

The issues resolved include:
– Project permissions within the Project Management addon
– Potential XSS on admin homepage
– Improper client password reset logic
– Improper admin access to remote servers via WHMCS Connect

You can apply this patch using the Automatic Updater.
The Auto-Updater allows you to apply the patch to your current version,
or update to the latest available version (7.5.2) of WHMCS.
Learn more at https://docs.whmcs.com/Automatic_Updater#Configuring_Your_Update_Settings

Alternatively, you can download the patch for your version at
https://download.whmcs.com/#patch

To install the patch:

1) Download the appropriate files for your version of WHMCS
2) Upload all files found within the zip file to the root WHMCS directory
overwriting any existing files

If you are using WHMCS 7.2 or earlier, you should upgrade to WHMCS 7.5.2.

Respective Release Notes:
7.3: https://docs.whmcs.com/Version_7.3.1_Release_Notes
7.4: https://docs.whmcs.com/Version_7.4.3_Release_Notes
7.5: https://docs.whmcs.com/Version_7.5.2_Release_Notes

================================================

 

If you are a hosteons.com client and need help just submit a ticket from our website we will help you with it

Credit Card data security at hosteons.com

PCI Compliance

We don’t store any credit card or debit card details in our billing system, we are using stripe as our payment processor.

Once the client makes payment on our website, the card details are sent to Stripe over SSL and in return Stripe’s secure servers send our billing system a token which is stored in our billing system, we just store this token and never store any card details in our system (we do store last 4 digits of credit card) so that client can identify which card is being used to make payments.

Whenever an invoice is due and if you paid with credit card earlier, we just use this token to charge your card again.

Since we don’t store credit card details in our system we don’t need PCI Compliance and you can use your credit card/debit card without worrying about any security breaches or misuse of your credit card.

for any further queries feel free to submit a ticket in client portal at https://my.hosteons.com