9 versions available
Subscribe to connect and install
* SECURITY [Medium]: Fixed an authenticated account takeover vulnerability that could allow an attacker to assume any user account, including administrators. * SECURITY [Low]: Fixed unauthenticated access to order status and user data. * FIX: PayGold link generated from admin order metabox was never saved correctly due to an impossible response code condition in send_paygold_link(). The function now uses the same validation logic as the checkout flow (response code 9998). * FIX: Fixed undefined $description variable in paygold_metabox_save() when sending a PayGold link from the order edit screen. * FIX: Custom notification domain (redsys_url_notify) was broken by check_url() prepending home_url() to URLs that already had a different domain. check_url() now detects absolute URLs and preserves them as-is. * FIX: get_notify_home_url() now automatically adds https:// when the custom notification domain is saved without a scheme. * FIX: PHP 8.3+ compatibility — Fixed deprecated warnings for passing null/false to string functions (trim, strlen) from get_option() calls in get_txnid(), get_token_type(), and connect_standard_imap(). * FIX: PHP 8.3+ compatibility — Fixed add_submenu_page(null,...) in setup guide causing strpos()/str_replace() deprecation warnings.
* NEW: Virtual / Downloadable Products order status override in Advanced Settings. When all products in an order are virtual or downloadable, the order status can be automatically set to Completed instead of Processing. * NEW: Redsys response code 0115 (card cancelled or account closed) now automatically deletes the stored card token, notifies the customer with instructions to add a new payment method (My account > Payment Methods), and notifies the admin. * NEW: Admin email notification when a customer's credit card is automatically removed due to Redsys hard-decline response codes (0115, 0172, 0173). * NEW: Improved customer email when a card is removed — now includes the last 4 digits of the card, the error code, and a direct link to add a new payment method. * NEW: COF_INI (Credential on File initial) flag is now saved to order meta (_redsys_cof_ini) for all COF transaction types (R and C), preventing duplicate token creation when COF_INI=N. * FIX: Conditional Rules test mode now correctly applies to the Redsys gateway URL. Previously, orders with conditional rules overriding test mode still used the default gateway URL. * FIX: Fixed duplicate token creation when customer already has a saved card and COF_INI=N is sent to Redsys. * FIX: Fixed undefined array key warnings in save_field_update_order_meta() when conditional rules data is incomplete. * FIX: Fixed $redsys->debug reference using wrong variable in preauthorization logging (now uses $this->debug). * FIX: Fixed sanitize_text_field applied before substr for HTTP_ACCEPT_LANGUAGE in Google Pay and Apple Pay Checkout, ensuring correct sanitization order. * FIX: Google Pay Checkout now ensures WooCommerce transactional emails are initialized before calling payment_complete() in payment callbacks.
* FIX: Google Pay Express Checkout now triggers WooCommerce transactional emails after successful payment (customer and admin).
* NEW: Conditional Rules — visual rule builder to override payment parameters (terminal, merchant code, SHA256, transaction type, test mode, etc.) based on order conditions (category, tag, amount, currency, language, user role). * NEW: Added preauthorization support for Google Pay and Apple Pay. * NEW: Google Pay and Apple Pay now save merchant code to order meta for preauthorization operations. * UPDATE: Refactored InSite payment form error handling with AJAX-based refresh instead of full page reload. * NEW: Added post_payment_complete hooks for Bank Transfer, IMAP email processing and Inespay gateways. * FIX: Fixed InSite COF_TYPE detection that caused incorrect credential-on-file type in REST payments. * FIX: Fixed Ds_Card_PSD2 using wrong variable in REST payment path. * FIX: Fixed InSite orders being marked as paid without Redsys authorization when a third-party plugin filters woocommerce_cart_needs_payment. * FIX: Improved InSite checkout routing using REST_REQUEST instead of checkout_use_block() for reliable shortcode/block detection. * SECURITY: Masked secret SHA256 key in debug logs.
* FIX: Fixed Express Payment (Google Pay / Apple Pay) not applying IRPF correctly when using Autonomos Premium. Totals now reflect the correct amount including retention. * FIX: Improved compatibility between Express Payment custom fields and Autonomos Premium surcharge calculation. * FIX: Fixed EMV 3DS timezone fields not being saved for users in UTC+0 timezone (e.g. Canary Islands), which could cause errors in 3D Secure authentication.
* FIX: Google Pay Redirection now uses strict equality check to prevent it from appearing in checkout block when disabled. * FIX: Fixed YITH Subscriptions renewal payments not processing - added missing return false when customer has no saved token (Redsys and InSite gateways). * FIX: Fixed YITH Subscriptions renewal payments staying on-hold - added missing return false when Redsys returns an error response (Redsys and InSite gateways). * FIX: Added ywsbs_register_failed_payment() call when token is missing to properly notify YITH Subscriptions of the failure.
* FIX: Fixed PHP 8.4 compatibility - nullable parameters are now explicitly declared in REST controller methods. * FIX: Fixed "$this" usage in static methods for Apple Pay Checkout and Redsys gateway subscription renewal processing. * FIX: Apple Pay and Google Pay Express Checkout no longer appear as regular payment methods in the checkout block (they only appear in the Express Checkout section as intended).
* FIX: Load Redsys IMAP support before scheduling the email checker cron, avoiding “no callbacks registered” warnings for `redsys_check_emails_cron`. * FIX: Hid the development-only “App & Push” settings section so it no longer appears in production admin menus.
Enables customers to quickly repurchase products they previously bought from your WooCommerce store.
Create membership sites with WordPress and WooCommerce, restrict content to members, and schedule content delivery over time.
Extends WooCommerce shipping with customizable table-based rate configuration for specific zones and conditions.
WooCommerce coupon management plugin for creating, distributing, and tracking promotional offers and discounts.
Integrates USPS shipping with WooCommerce to display real-time shipping rates and costs at checkout.
Enables customers to ship individual items from a single order to multiple different delivery addresses.