A WHMCS vulnerability was recently identified. All of our shared and reseller servers are guarded against the vulnerability and you do not need to do anything.
If you are currently on a dedicated server or VPS and you have disabled our modsec cron (it is there by default) you may be at risk. Please contact us for further information to protect your WHMCS from this exploit. It takes just a moment to apply the modsec rule and block the vulnerability.
WHMCS is aware of the issue and have made it a top priority to resolve the issue.
The Development Team is actively working on the resolution. Please rest assured this is our absolute number one priority. We will update…
— WHMCS (@whmcs) October 3, 2013
If you have any questions as to your vulnerability please contact our support department via ticket or live chat.
-The Surpass Team
UPDATE: A patch has been released for the vulnerability. http://blog.whmcs.com/?t=79427
What a relief.
Thank God I signed up with you guys or
this might have turned out differently.