WooCommerce 9.5.2 has been released
This release includes important security enhancements and fixes.
What’s in this release
More robust coupon logic in checkout
๐ ๏ธ Fixed a bug where limited usage coupons would experience conflicts when applied simultaneously. #54269
We received reports that during specific conditions during checkout, a limited coupon could be applied more than once. This release leverages the hold_applied_coupons() method to lock the coupon when itโs applied during checkout, so it can only be used once with each request. A default hold time has also been added, while respecting custom settings from the woocommerce_hold_stock_for_checkout filter. This update ensures secure and consistent coupon handling.
Changes to the Customers API endpoint
๐ ๏ธ Enhance the security of the Customers API #54267
Following a report we received, we have now restricted mutation operations on the Customers API (/wp-json/wc/v1/customers) to customer and subscriber roles. This prevents unintended creation or modification of administrator and shop_manager roles, aligning with the API’s intended purpose and WordPress’ user endpoint behavior, which does not allow mutations.
Leave a Reply