WooCommerce Email Invoice changes

Hi @trulinegraphics

Thank you for reaching out — we’re happy to help!

In the last update to WC it broke my work flow. I create a lot of invoices and email them to customers via email or in messenger. Now when I send an invoice link they are forced to enter an email address to continue to checkout. Like some kind of spam validation. I never changed any WC account settings so I can’t figure out why this is happening.

From what I gather, a workflow that is forcing customers to enter their email address in order to continue to checkout started appearing when WooCommerce was updated to version 8.9.3. Am I getting this?

Just to clarify, WooCommerce was the only plugin/code that was updated at that time, or otherwise?

The reported issue here sounds related with the invoice functionality that is utilized at your store. Just to be sure, did you already have a chance to reach out to its support channel regarding this, or otherwise?

Is this a setting that can be disabled? If not I am going to have to rollback to a previous version and never upgrade because this is the dumbest update ever. If users are not required to create an account why would they have to verify their email address? It’s not like someone is going to hack into a website to pay someone else’s invoice.

The website is running WooCommerce 8.9.3 on WP 6.5.4. Any input on this matter would be appreciated.

While searching in the changelog of WooCommerce (link here, for reference), I could not find any reference of such a change.

Moreover, the latest version at the time of writing this is version 9.0.0. Feel free to update to it, for testing — preferably with a staging environment, after making sure a backup is available, as this is always good practice before updating code at a store.

I hope this is helpful! We look forward to your response. In the meantime, please let us know if you have any further questions or concerns.

• This reply was modified 4 months ago by anastas10s. Reason: typo

Sorry I just saw this reply, still fighting this issue.

I had reached out to official WC support before I posted this question because after 2 back and forth emails they were clueless and suggested I post here. I suspect the change was made here:

= 8.9.3 2024-06-10 = **WooCommerce** * Security – Prevent HTML & JS injection attacks on registration and checkout forms when the Order Attribution is enabled.

That doesn’t specifically say it was changed but it’s extremely illogical to add sql injection prevention on the payment form where customers are trying to pay for their order. This page is only accessed with a unique direct link that is sent to them via email or text. The only thing I could do is revert back to a much older version of the plugin. If I can’t get the WooCommerce team to even admit they changed this, there’s no way I’m finding a work around or fix for the issue. I think it’s because they would publicly admit there was a vulnerability. I just have to accept defeat and lose more orders because of a bad coding policy I guess lol, there’s nothing I can do at this point.

Hey, @trulinegraphics!

Can you please share the exact steps you take to trigger this so we can see if we can replicate it on our end and investigate it further?

Also please share the System Status Report which you can find via WooCommerce > Status > Get system report > Copy for support.

Looking forward to your reply.

Have a wonderful day!