WHMCS has released new patches for the 4 and 5 series. These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately.
WHMCS has rated these updates as including critical and important security impacts.
Security Issue Information
The resolved security issues were all identified by Vlad C. of NetSec Interactive Solutions <http://safeornot.net> (as mentioned by WHMCS). There is no reason to believe that these vulnerabilities are known to the public. As such, WHMCS has only released limited information regarding the vulnerabilities at this time.
Once sufficient time has passed to allow WHMCS customers to update their installed software, WHMCS will release additional information regarding the nature of the security issues. These Targeted Security Releases and Patches address 6 vulnerabilities in WHMCS version 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 5.0, 5.1, and BETA 5.2. Additional, supplemental information is scheduled to be released on April 9th, 2013 by the WHMCS team.
WHMCS V5.2.2 has also been released
This is a maintenance update to address issues reported in the V5.2.1 release earlier this week.
One of the key additions is additional backwards compatibility for modules and custom pages written for earlier versions. This will mean that custom pages should require *NO* changes to continue functioning exactly as before.
Another point of note is that with the V5.2.1 update, the ResellerClub and all other LogicBoxes based modules were updated to use the new API Key method of integration which is safer and more secure, and so if you are a user of any LogicBoxes based domain registrar module in WHMCS you will need to enter an API Key in the Setup > Domain Registrars page before you can continue using it.
Please also be aware that if you use the live chat addon, an update is required to that for compatability with WHMCS V5.2.x.
WHMCS 5.2.2 is now available via Softaculous and you can upgrade your WHMCS installations via one click.
Source : http://whmcs.com