A critical issue that has been identified in the recent release of our PDF Invoices & Packing Slips for WooCommerce – Professional plugin (the “Professional extension”) version 2.15.4.
If you are currently running version 2.15.4 of our Professional extension update immediately to the latest version!
Issue Details #
In version 2.15.4 of the Professional extension a bug was discovered that allowed orders to be processed without the corresponding payment being made. Although these orders were marked as paid during the checkout process, no actual payment was collected from the payment provider.
The culprit was a new feature that was supposed to add an additional payment gateway to your checkout process, giving your customers the ability to pay through an invoice. However, a small error in the logic in one of the filters that were used for this feature (woocommerce_order_needs_payment) allowed other payment gateways to also accept orders without payment.
Version 2.15.4 was live very briefly and we quickly notified our customers through an email campaign, and through an admin notification in version 2.15.6. We also actively scanned for sites running version 2.15.4 and reached out through email, phone and/or social media if we detected an affected domain.
Version 2.15.4 was released on January 9th 2024, 16:18 UTC. After receiving the first notices of this issue we immediately released version 2.15.5 on January 10th 2024, 08:06 UTC, that reverted back to the previous state of the plugin.
Action Required #
- Update the Plugin: Please update PDF Invoices & Packing Slips for WooCommerce – Professional to the latest version (2.15.5 or higher) as soon as possible. You can do this by navigating to your plugin list in your WordPress dashboard, or by downloading the latest version via your WP Overnight Account.
- Review Orders: After updating to version 2.15.5 (or higher), we recommend checking all orders placed between the time you updated to version 2.15.4 and the subsequent update to version 2.15.5 (or higher). Any orders during this period may not have been properly processed in terms of payment.
- Address Unpaid Orders: For any orders that were processed without payment, please contact the customers involved to arrange for the necessary payment. We understand the sensitivity of this situation and sincerely apologize for any inconvenience it may cause.
Affected orders #
Orders placed while version 2.15.4 was active on your site have to be checked, as they may not have been properly processed in terms of payment. To more easily track which orders possibly were affected we’ve added a tool in version 2.15.6 of the plugin. This tool can be found via: WooCommerce > PDF Invoices > Advanced > Tools > Payment gateway bug
It will only show up if you were running either version 2.15.4 or version 2.15.5 before updating to version 2.15.6. As orders could only be affected in between running version 2.15.4 and 2.15.5. The tool will show you all orders from the 9th of January 2024 and beyond that have no transaction ID but were marked as paid (order status processing or completed). This should give you a list of orders that might be affected by this issue.
The tool also provides you with a payment link for the order. If you want to reach out to the customer that placed the order and request payment, you can copy the link and set the order to the ‘Pending payment’ status. This will make the order eligible for payment once more. After the customer clicks on the link they will be redirected to your checkout to make payment for the placed order.
Please note that this is a possible way of resolving the issue with your customer. But might not be ideal for every store setup, as it basically reverts the order back to when it was just created and will go through the rest of the usual order flow after payment has been received. You will have to decide if this is a proper solution for your specific setup.
Additional Support #
If you encounter any difficulties during the update process or have further questions, our support team is available to assist you. Feel free to reach out to support@wpovernight.com for assistance.
