Originally Posted by JohnCS
So it is Lagom Client Theme vulnerability not WHMCS itself.
That’s correct.
Unfortunately, on certain forums, it’s being referred to as a “WHMCS vulnerability”.
A bit like how people commonly say “WordPress is insecure” when a site is hacked, what they really mean most of the time is that the outdated and poorly written plugins attached to that WordPress website are insecure, and were responsible for that site being hacked.
Source link