Lagom WHMCS Website CMS Bundle is now available on WHMCS Marketplace! Learn More

On June 3rd, 2025, WHMCS released an important security update affecting all currently supported versions of their system: v8.13, v8.12, and v8.11. This update addresses several vulnerabilities, including Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), which were discovered both through internal audits and external reports via WHMCS’s Security Bounty Program.

If you haven’t seen the WHMCS announcement yet, you can find the full post here: WHMCS Security Update – June 3, 2025

Why This Matters for Lagom Client Theme Users

While the vulnerabilities originate in the WHMCS system itself, the security fixes involved updates to JavaScript files used by the default Twenty-One theme. Since Lagom WHMCS Client Theme builds upon and extends some of those same files to deliver its custom interface, these updates must also be applied within Lagom to maintain full compatibility and security.

⚠️ To be clear, this is not a vulnerability in the Lagom WHMCS Client Theme itself. However, because Lagom depends on certain frontend files originally provided by WHMCS, we have issued patches to ensure your theme installation remains secure and aligned with the latest WHMCS release.

Patch Now Available for Lagom Versions

To keep your installation secure, we’ve released patches for the following versions of the Lagom WHMCS Client Theme:

  • 2.3.1 – compatible with WHMCS 8.11.x
  • 2.3.2 – compatible with WHMCS 8.12.x
  • 2.3.3 – compatible with WHMCS 8.12.x
  • 2.3.4 – compatible with WHMCS 8.12.x
  • 2.3.5 – compatible with WHMCS 8.13.x

For each version above, we have provided:

  • An incremental patch containing only the modified files – ideal if you already have Lagom installed.
  • A duplicated version with a -p1 suffix – the full theme package with the security fix already applied, recommended for new installations.

You can download both the patches and updated packages from your client area.

Still Using an Older Version of WHMCS?

WHMCS has officially stated that no security patches will be released for versions older than v8.11. If you are running WHMCS v8.10 or earlier, your system may be vulnerable, and there will be no official fixes available from WHMCS.

For this reason, we strongly recommend upgrading to at least WHMCS v8.11, and ideally to the latest version (currently v8.13.1) to ensure your system is protected.

What You Should Do Next

  1. Check your WHMCS version – make sure you’re running 8.11 or higher.
  2. Update WHMCS using the automatic updater or manual method.
  3. Download and apply the Lagom WHMCS Client Theme patch corresponding to your installed version.
  4. If you’re unsure or need help, feel free to reach out to our support team.

This site uses cookie to help you improve, promote, and protect it. By continuing to browse this website you agree to the Privacy Policy. Thank you!