WHMCS announced on Friday via its blog that a security issue published this morning allows for information disclosure.
“We are aware of the issue and are investigating it, and will be issuing a fix for this issue along with any others we discover during our targeted investigation shortly,” Matt Pugh, CEO WHMCS said in the status update. “In the meantime disabling the Mass Payment feature voids the immediate threat.”
To disable the Mass Payment feature, de-select the “Enable Mass Payment” checkbox in Setup > General Settings > Invoices and saving, according to the post.
WHMCS will be updating its blog, Facebook and Twitter with more information and the latest updates.
This security issue comes less than a month after WHMCS released a patch for its 5.2 and 5.1 minor releases after vulnerability was detected. The updates had “critical security impact,” WHMCS’ highest security level.