WooCommerce 9.5.2 has been released
This release includes important security enhancements and fixes.
Whatโs in this release
More robust coupon logic in checkout
๐ ๏ธ Fixed a bug where limited usage coupons would experience conflicts when applied simultaneously. #54269
We received reports that during specific conditions during checkout, a limited coupon could be applied more than once. This release leverages the hold_applied_coupons() method to lock the coupon when itโs applied during checkout, so it can only be used once with each request. A default hold time has also been added, while respecting custom settings from the woocommerce_hold_stock_for_checkout filter. This update ensures secure and consistent coupon handling.
Changes to the Customers API endpoint
๐ ๏ธ Enhance the security of the Customers API #54267
Following a report we received, we have now restricted mutation operations on the Customers API (/wp-json/wc/v1/customers) to customer and subscriber roles. This prevents unintended creation or modification of administrator and shop_manager roles, aligning with the APIโs intended purpose and WordPressโ user endpoint behavior, which does not allow mutations.
Reposted form WooCommerce
If you have a care plan with 7th Circle Designs this update will be taken care of based on your plan’s schedule. If you do not have a care plan, sign up now.
