Whmcs

This hub aggregates every CVE we track for Whmcs, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 4 most recently published vulnerabilities affecting Whmcs.

• CVE-2026-29204Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorize...9.1May 12, 2026
• CVE-2024-9193WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update9.8Feb 28, 2025
• CVE-2022-0855Improper Resolution of Path Equivalence in microweber-dev/whmcs_plugin6.1Mar 4, 2022
• CVE-2010-1702SQL injection vulnerability in submitticket.php in WHMCompleteSolution (WHMCS) 4.2 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.7.5May 4, 2010