In the last couple hours we’ve released patch for HostBill versions 4.x available from auto-update plugin and to download directly from:

https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.4_4347.zip

For manual patch apply please extract archive contents in main HostBill directory.
We strongly recommend upgrading to the latest HostBill version (4.6.4 – archive also contains patched files)

Patched vulnerability
We’ve been notified about brute-force attack possible to be performed by logged in customers into other client’s accounts.

Patch was introduced immediately for auto-upgrade feature.