The Open Worldwide Application Security Project (OWASP) suffered a data breach in late February 2024 resulting in the exposure of sensitive data belonging to some of its members.
In an announcement published on the OWASP website, Executive Director Andrew van der Stock confirmed the breach and explained that it happened due to a misconfiguration of an old OWASP Wiki web server.
Originally Posted by JohnCS
So it is Lagom Client Theme vulnerability not WHMCS itself.
That’s correct.
Unfortunately, on certain forums, it’s being referred to as a “WHMCS vulnerability”.
A bit like how people commonly say “WordPress is insecure” when a site is hacked, what they really mean most of the time is that the outdated and poorly written plugins attached to that WordPress website are insecure, and were responsible for that site being hacked.