Core wc-admin

Developer Advisory: WordPress components no longer bundled with WooCommerce Admin

tl;dr As of WooCommerce Admin 1.9, the @wordpress/components package is no longer bundled as part of the WooCommerce Admin codebase. The Details Early on in the development of WooCommerce Admin, the maintainers decided to bundle the @wordpress/components package with WooCommerce Admin. This helped ensure all of the features WooCommerce Admin relies on, notably React hooks, […]

blocks Core wc-admin

Developer Advisory: Changes to WooCommerce Versioning Scheme

tl;dr WooCommerce Core and related ecosystem plugins are transitioning away from Semantic Versioning and adopting WordPress versioning. This transition will begin with WooCommerce 5.0, which will be a non-breaking change. Background A few years ago, WooCommerce adopted a Semantic Versioning (SemVer) scheme for its releases. This adoption marked an improvement from what had been a […]

blocks Core Quality

Developer Advisory: Combating Spam Order Bots

tl;dr Stores without any anti-spam or antifraud measures in place may see an increase in spam orders due to a renewed attack from a bot probing sites for vulnerabilities. The Details In November of 2020, we shared an advisory for developers encouraging them to update to the latest version of WooCommerce due to a vulnerability […]

Core Quality

Developer Advisory: WordPress 5.6 and jQuery 3

tl;dr WordPress 5.6 will ship with jQuery 3.5.1 and an updated version of jQuery Migrate, which will help you identify potential compatibility issues in your extensions. Developers should ensure extensions are compatible with jQuery 3 because the WordPress Core team is currently planning to phase out the use of jQuery Migrate in WordPress 5.7. The […]


Developer Advisory: Spam Orders and Accounts from Bots

tl;dr Versions of WooCommerce prior to 4.6.2 contain a vulnerability that allows guest users to create accounts during checkout even when the “Allow customers to create an account during checkout” setting is disabled. This vulnerability is being exploited by a bot to place spam orders and create user accounts that are then used to probe […]