Skip to main content

WP eCommerce Core Plugin - Changelog

[9.8.0] - 2026-06-23 — HR module, ΕΡΓΑΝΗ foundation & full ERP user lifecycle

Added

  • New HR module (Business tier). Employee directory, departments, a leave-approval workflow (request → manager approve/reject, with email notifications + per-employee leave balances) and time entries. An HR dashboard shows headcount, who's out today and pending approvals. A new Employee Self-Service ("My HR") area lets staff with a linked account see only their own profile, leave balance, requests and time entries. Time tracking is built ready for the upcoming ΕΡΓΑΝΗ Digital Work Card.
  • One-click employee self-service accounts — create and link a self-service login straight from the Employee form; the new account gets the standard set-your-password email.
  • Full ERP user lifecycle — Deactivate → Reactivate → Remove (the person's WordPress account is intentionally kept; the last ERP administrator can't be removed).
  • ΕΡΓΑΝΗ integration — connection foundation. A new admin-only ΕΡΓΑΝΗ settings page to enter credentials, employer details and Test/Production mode, then verify with Test Connection. Credentials are encrypted at rest. (Submissions arrive in a later release.)
  • myDATA transmission notifications — a success/failure toast when transmitting an invoice, plus a native Windows notification in the Flavor ERP Desktop app when its window isn't focused.

Updated

  • New public health endpoint for the Flavor ERP Desktop app's first-connection check (identity + version only).
  • Developer/destructive admin Tools are now hidden on customer sites unless explicitly enabled — and refuse to run when hidden. Cache, database sync/optimize and the storefront pages helper stay available.
  • Clearer database-repair guidance when tables are missing — now points to the visible Sync Database action.

Fixed

  • Employees can pick a leave type when requesting leave from self-service (the dropdown was empty for them).
  • ΕΡΓΑΝΗ connection — login type is now selectable and the connection-test request matches the official ΕΡΓΑΝΗ guide, resolving a persistent "credentials not correct" error.
  • ERP "Assigned To" / "Linked Account" dropdowns no longer come up empty.

[9.7.0] - 2026-06-15 — ERP Role-Based Access Control & faster ERP

Added

  • ERP Role-Based Access Control. Each ERP user's role now genuinely controls what they can see and do: Manager, Accountant, Warehouse, Sales, and read-only Viewer each get exactly their own modules; configuration, users and tax (myDATA) stay administrator-only. Site administrators always keep full access.

Updated

  • Faster ERP screens for non-administrator roles — removed repeated database lookups that ran on every ERP page load.

Fixed

  • The eCommerce admin menu no longer errors on a site without an active license — it shows a clean prompt to activate instead.
  • Restore points are now captured before component updates (enabling one-click rollback — see Flavor Core), plus internal cleanup.

[9.6.0] - 2026-06-08 — In-place ERP roles, branded ERP login & a responsive Product editor

Added

  • Change an ERP user's role in place. In the ERP app (Settings → Users) you can now pick a new role straight from the users table — no more deactivating and recreating a user to fix a role.
  • Standalone, branded ERP login page. An optional clean, Flavor-branded sign-in page for the ERP at /erp/login (Settings → Login Portal) with your own logo and accent color. Security is unchanged — it still uses WordPress sign-in under the hood, so two-factor, brute-force protection and "forgot password" all keep working.

Updated

  • Faster payment-return and barcode lookups on large stores. Order lookups during card-payment returns and product-by-barcode scans now use database indexes instead of scanning every row.
  • ERP reliability & performance hardening. Lower memory use when backfilling inventory, much faster warehouse deactivation/deletion on large catalogs, and stricter validation of ERP settings.

Fixed

  • The Add/Edit Product screen is now fully responsive from laptop to phone. The side panel becomes a slide-in "Details" drawer, tabs scroll, and the action buttons move to a thumb-friendly bottom bar. The Brand field was rebuilt with a cleaner look, type-ahead search, and inline "create new brand".
  • Variable-product attribute values no longer split apart on smaller screens — each value stays an intact chip.
  • ERP-only Cost / Cost Source fields are hidden on stores without ERP, for a cleaner Pricing tab on Starter installs.
  • ERP "User Management" page fixed — no longer shows "0 users" or white-screens when adding a user.
  • Checkout stock accuracy — closed a rare race where two simultaneous orders for the same product could both pass the stock check and oversell.
  • Prices are returned cleanly (e.g. 24.44 instead of long trailing decimals).
  • Security: a payment-return token check (NBG) is now constant-time.

[9.5.0] - 2026-06-01 — Payment reliability, faster stock checks & barcode scanning

Added

  • In-browser barcode scanning for inventory stocktake — use your phone, tablet, or laptop camera to scan product barcodes during stock counts, with a manual-entry fallback for hardware scanners.

Fixed

  • Card payment returns now reliably land on the order-confirmation page after you return from the bank's secure page (NBG, Viva, Everypay, Nexi). Previously some successful payments could show a "cancelled" page even though the charge went through.
  • Eurobank / Cardlink payments — resolved credential, order-reference, and installment issues so payments complete and confirm correctly.
  • Stock — fixed an "insufficient stock" error at checkout on stores not using the full warehouse system, and stopped failed-stock orders from leaving a leftover order behind.

[9.4.0] - 2026-05-22 — Minor: ERP cost-source mass-apply + admin-editable email templates + 24 reliability fixes

Stable release promoted from v9.4.0-beta.1 after dev-cycle + beta smoke testing. Three structural threads land together: a long-awaited ERP cost-source mass-apply tool, admin-editable email templates (with supplier emails now properly integrated), and a large reliability sweep across ERP settings persistence, variant cost handling, and admin UX.

Added

  • ERP cost-source mass-apply tool. The "Default cost source for new products" dropdown on Settings → ERP → Integration Policies now actually applies — both at product creation (new products inherit the configured policy instead of always landing on "Manual") AND retroactively for your existing catalog. A new "Apply '<current policy>' globally to existing products" button under the dropdown opens a typed-confirmation modal: type "APPLY" to bulk-update every product + variant in your catalog to the chosen cost source. Cost VALUES recompute on the next product save or supplier-price update (the policy switch alone doesn't time out on large catalogs). Defense-in-depth: client + server typed-confirmation gates. Documentation in the policy card explains the 3 cost-source dimensions clearly (per-product manual override · per-new-product default · mass-apply).

  • Reset email template to default. Every editable email template (15+ customer/admin/supplier templates on Settings → Emails) now has a "Reset to default" button in the editor footer. Reverts the template to the built-in copy without affecting other templates. Confirms before applying.

  • Supplier emails are now properly editable templates. Purchase Order notification emails to suppliers were previously hardcoded plain-text — operators couldn't customize the wording or branding. Now they live alongside customer + admin templates: a new green-badged "🏭 Supplier Emails" section in the sidebar, with the "Purchase Order Sent" template fully editable (subject, heading, body, placeholders: supplier name, PO number, expected date, line items HTML, gross total, notes, store name). Existing PO line-item table format remains hardcoded — admin can edit container copy but not per-line format (future iteration).

  • "Assigned To" dropdown on Contact create modal. ERP CRM Contact create modal previously omitted the Assigned To field even though the database supported it — new contacts landed unassigned. The field is now exposed as a dropdown populated from active ERP users, defaulting to the current operator. Fail-soft if the user list can't load (modal stays usable); preserves stored assignment when an assigned user is later deactivated.

Updated

  • Tested up to WP 7.0. Header bump only — no code changes required. Pre-release discovery flagged zero high-severity compatibility risks against the 7.0 surface.

  • Cost auto-recompute on product/variant save. Previously, changing a product's cost-source policy from "Manual" to "Latest supplier price" (or Lowest/Average) and clicking Save left the cost field empty until the operator manually triggered a supplier-price edit. Now the recompute fires immediately on save — operator sees the correct auto-computed cost on first reload. Manual policy still gates correctly: operator-pinned values are never auto-touched.

  • latest_supplier cost policy now tracks edits, not just inserts. Previously the "Latest supplier price" cost source resolved to the most-recently-INSERTED supplier price for the product. Edits to older supplier prices wouldn't bubble them to the top — producing stale/wrong cost values. The supplier_prices table now carries proper created_at + updated_at timestamps + an index for the recompute query path. Edit a supplier price → that supplier price is treated as "latest" on the next recompute. Migrations are idempotent + safe to re-run.

  • Expired supplier prices no longer leak into cost calculations. Three cost policies (latest_supplier, lowest_supplier, average_supplier) now correctly filter out supplier prices whose valid_until date has passed. Previously, expired rows were silently included in the recompute, surfacing old/incorrect cost values when operators thought they'd retired a supplier.

Fixed

  • License quota false-FAIL for licensed customers (CRITICAL fix). A defense-in-depth product-quota check at the REST API layer was reading from a license-data location that had been migrated away from in a prior release — every licensed install was silently being read as "free tier" by this secondary check, then blocked at 25 products despite the primary license gate passing. Symptom: licensed customers with >25 products saw "quota exceeded" errors on product list views. Now reads the canonical license-data location like every other check in the system.

  • ERP Settings dropdowns now reliably save + persist across reload. A cascade of related bugs in the Integration Policies dropdown UX was caught + closed during dev VPS smoke testing: the save endpoint crashed on every dropdown change (PHP TypeError), the load-back response shape didn't match what the React layer expected, the bulk "Save Settings" button was overwriting auto-saved per-dropdown values with stale local state, AND the JavaScript was sending the request body in a format the custom apiFetch wrapper silently discarded. All four layers fixed; ERP settings save reliably across all paths.

  • Inventory upsert now atomic — no race-window crashes on concurrent stock writes. The stock-level upsert path previously used a SELECT-then-INSERT/UPDATE flow that left a tiny race window where two concurrent writers for the same (warehouse, product, variant) tuple could both pass the existence check and both attempt INSERT — the UNIQUE constraint would then crash one of them. Now uses a single atomic INSERT ... ON DUPLICATE KEY UPDATE statement — no race window, single round-trip.

  • Supplier price "+ New Price" no longer crashes on duplicate (supplier, product, qty) entries. Adding a new supplier price for an existing (supplier × product × min-quantity) combination previously crashed with a UNIQUE-key duplicate error → silent UI failure with no toast feedback. Now upserts cleanly — adding a "new" price for an existing combination updates the existing row.

  • Warehouse backfill ~10-20× faster on large catalogs. Creating a new warehouse used to materialize the entire product + variant catalog into PHP arrays just to write zero-stock rows back to the database — taking 600-1200ms of UI-blocking time on 5000-item catalogs. Now uses pure-SQL INSERT ... SELECT statements: at 5000 items, the response drops to ~30-50ms.

  • Variant cost + cost_source columns now persist correctly through every save cycle. A subtle drift had developed between the Variant entity and its database columns — the cost + cost_source fields existed in the database (used by the cost-source recompute) but the entity didn't have matching properties, so a normal save cycle would have wiped them. Closed proactively before any data loss was observed in production.

  • Tooling for purging stale supplier prices + unmount cleanup on supplier price modal. Two small ERP fixes: the supplier price modal now properly cleans up its in-flight state when closed mid-edit (no React 18 warnings), and supplier_prices that are past their valid_until date are correctly excluded from cost recomputation across all three policies that consume them.

  • Purchase Order email no longer crashes on misconfigured SMTP. If wp_mail() throws (host unreachable, strict auth failure, mailer crash mid-send), the PO status-change request previously surfaced an HTTP 500. Now the exception is caught + logged + the operator gets a clean "sent / failed" status indication. The safety envelope was generalized during the email-templates closure to cover every email path in the plugin — every template + supplier + any future addition inherits the same protection.

  • Plus 9 internal reliability fixes — licensing surface refactored to share base classes with the theme (~800 LOC reduction · single source of truth for license gate semantics, integrity verifier algorithm, product registry, Ed25519 keys, domain normalization), supplier price filtering, post-deployment component-version syncing across the plugin/theme/core trio, and additional defensive hardening on the licensing surface.


[9.3.0] - 2026-05-15 — Minor: Separate ERP database + Storefront ↔ ERP automatic sync + 19 reliability fixes

Promoted from the 9.3.0-beta cycle (May 8 → May 14) after 26 beta iterations and a 20/20 PASS verification sweep on the storefront↔ERP integration. Two structural additions land together — separate ERP database support and full automatic sync between storefront and the native ERP — plus 19 reliability fixes that surfaced during dev VPS smoke testing.

Added

  • Separate ERP database support. ERP data (invoicing, inventory, purchasing, accounting, CRM) can now run on a dedicated database connection, separate from your WordPress site database. Useful for B2B deployments with stricter data isolation requirements, independent backup schedules, or shared-ERP-across-multiple-storefronts setups. Configure via the ERP Settings tab. Same-database installs (the default) continue to work unchanged — this is opt-in advanced infrastructure. Requires the ERP DB to live on the same MySQL server as the WordPress DB.

  • Storefront ↔ ERP automatic sync. When you create a product, stock entries are automatically registered in the ERP across every active warehouse. When you create a warehouse, stock entries are automatically registered for every existing product (with a deferred-prompt path for catalogs over 5,000 items to avoid blocking the admin UI). When a customer places their first order, a CRM Contact is automatically created (configurable policy: on-first-order [default], always, or manual-only). Supplier prices automatically update product cost (with operator-controlled policy: lowest / latest / average / manual override). Storefront and ERP stay in lockstep without operator effort.

  • Inventory backfill tool. One-click button on ERP Settings to bulk-create stock entries for existing products that pre-date your ERP activation. Preserves your current stock counts. Available via ERP → Settings → Inventory Backfill.

  • ERP data migration tool (for existing customers). New section on ERP Settings → Database Connection card. If you previously had ERP data in your main WordPress database and want to flip to a separate ERP DB, this tool will: (a) preview what would migrate per-table with row counts + status (ready / already-migrated / table-missing), (b) run the cross-database INSERT with full JSON backup retained under wp-content/flavor-backup/, (c) optionally clean up main-DB ERP tables after you've independently verified the migration. Cleanup requires a typed confirmation in addition to a confirm dialog. Per-table verification ensures ERP row count is ≥ main row count post-copy.

  • Setup checklist on ERP dashboard. New widget at the top of the ERP dashboard surfaces the recommended setup steps (default warehouse, cost policy, contact policy, inventory backfill, supplier setup) with status icons + action buttons. Self-hides when complete; per-user dismissal available.

  • Soft-delete vs permanent delete for warehouses. Warehouses now have two distinct delete paths: Deactivate (default — preserves stock data, reversible) and Permanently Delete (in a "Danger Zone" section, requires zero stock + typed confirmation). Default warehouse is protected — you must reassign default before either action. New REST endpoints POST /warehouses/{id}/deactivate and /activate for programmatic toggle.

  • Product cost field. Products and variants now have a Cost field (alongside Price/Sale Price), with admin policy for how it's filled: manual entry, lowest supplier price, latest supplier price, or average across suppliers. Internal-only — never displayed to customers — used for profit margin reporting and ERP accounting. Cost field becomes read-only when policy is non-manual; switch to manual to override per-product.

  • CRM Contact ↔ Customer link integrity. Linked Contact records (those tied to a specific Customer) now have read-only demographic fields (name, email, phone) — these are managed at the Customer level and sync down automatically when a customer updates their profile. Notes, tags, type, and other CRM-specific fields remain operator-editable as usual. Standalone Contacts (vendors, leads without storefront accounts) are fully editable.

  • Stock quantity is now ERP-managed on Business-tier installs. The Stock Quantity field on product / variant edit pages becomes read-only with an informational banner ("Stock managed by ERP — adjust via ERP → Inventory") when the ERP Inventory feature is enabled. Eliminates the silent drift where editing stock_quantity in the storefront admin previously left the ERP unaware. Starter-tier installs (without the ERP Inventory feature) keep the field editable as before — no behavior change.

  • "+ Add Price" button on supplier price lists. The supplier price list tab previously only exposed inline Edit/Delete on existing rows. New "+ New Price" button on the supplier selector card lets you add a new supplier_price through the UI with product search (debounced) + price / min-qty / valid-from / valid-until fields.

  • Resend Purchase Order email. Send action on Purchase Orders now actually emails the supplier (was previously a status-only flip — no email went out). Plus a new Resend button on PurchaseOrdersTab actions for rows in sent or partial status. Email body includes store name, PO number, expected delivery date, line items table, gross total, notes, and signature.

Fixed

  • ERP stock operations now work correctly with separate-database setups. Multiple low-level reliability fixes for the cross-database integration layer: stock adjustments during sales, refunds, manual count corrections, purchase order receipts, and inter-warehouse transfers all work end-to-end across the storefront ↔ ERP boundary. Goods receipt atomicity is now preserved under concurrent checkouts. Inventory migrations during ERP database activation now correctly map your existing stock_quantity values into per-warehouse stock entries.

  • Stock Levels page no longer crashes on freshly created warehouses. Previously, opening ERP → Inventory → Stock Levels on a site where the operator hadn't yet promoted any warehouse to default could return a 404. The page now falls back automatically to the first active warehouse. The very first warehouse you create is auto-promoted to default — no manual step required.

  • Purchase Order modal — edit mode now shows existing line items. Previously, opening an existing PO in edit mode displayed an empty line items table because the modal didn't re-fetch full PO data on mount. Now the lines populate correctly. Plus: price prefill on adding a product to a PO now falls back through supplier_price → product retail price → 0 (was supplier_price → 0 only), so the common case becomes zero-click default. Modal width expanded from 800px to 1000px so the VAT column displays fully.

  • Receive Goods modal — pre-fills "Receive Now" with remaining quantity. Previously you had to either type each quantity manually or click "Receive All Remaining" every time. Full receive on PO arrival becomes the zero-click default.

  • Product search in supplier price flows returns matches correctly. A response-shape mismatch between the storefront product search API and the ERP-side adapter caused product searches to silently render zero results despite a successful backend match. The adapter now handles both response conventions.

  • Product cost field saves reliably. A silent data-loss path was caught and closed: previously, opening a product edit page on the Business tier (with the ERP cost feature active) and saving could wipe a previously-computed cost back to NULL because the load-edit-save cycle skipped the cost columns. The save cycle now correctly preserves cost and cost_source through every transition.

  • Dashboard "Update available" pill clears after successful component installs. Previously, after installing a component update, the orange "Update vX.Y.Z" pill kept rendering until you clicked "Check for Updates" again. The dashboard now drops the pending-update entry immediately on successful install.

  • Component update detection now covers the plugin core component. Previously, the "Check for Updates" button on the Flavor Core dashboard couldn't detect updates to the plugin's core business logic component (it only listed gateways / couriers / marketplace feeds / ERP UI). Updates for the core component now surface alongside the others.

  • CRM Integration Policies card on ERP Settings tab. New section with two dropdowns: Auto-Contact Creation Policy (Always / On First Order / Manual Only) and Default Cost Source (Manual / Lowest Supplier / Latest Supplier / Average Supplier). Saves on change with inline status indicator.

  • Two cheap performance wins for sites running ERP: repeated ERP database credential lookups during checkout are now cached per request (saves ~0.3-1.2ms per inventory-touching request); first-order detection in the CRM Contact creation path now uses a state-based signal instead of a per-order count query (saves ~1ms per order save).

  • Product Form admin — pricing section spacing + discount badge placement. The pricing fields (Regular Price / Sale Price, Cost / Cost Source, Tax Class) were visually cramped, and the discount badge was rendering below the row at full width — visually attaching to the Cost field that came next. Fixed both: added vertical breathing room between rows; relocated the discount badge inside the Sale Price field cell so it semantically and visually attaches to its source data.

  • Integrity verifier on freshly cloned sites — install date is correctly identified. Previously, a name mismatch between the integrity check and the activation hook meant the verifier silently entered "first run, no timestamp" branch on every page load, effectively giving itself a fresh 24-hour grace period indefinitely. Resolved.

Internal (build pipeline & infrastructure)

  • Component build pipeline polish (three coordinated improvements): the build script now auto-bumps component patch versions when source files change, auto-reconciles the internal plugin-core version reference, and auto-writes the changelog bump entry — eliminating three documented manual-sync failure modes that contributed to a multi-day debugging marathon in mid-May.

[9.2.0] - 2026-05-04 — Minor: Licensing consolidation + checkout perf + option-write speedup

Minor release pairing with Flavor Core v2.4.0 and Theme v7.0.0. Two architectural cleanups (licensing layer consolidation + Hub HTTP client extraction — both internal) plus two customer-facing performance wins.

Breaking (internal API only — public surface preserved)

  • Plugin licensing now fully managed by Flavor Core. The plugin's internal license manager + fingerprint files were retired — Flavor Core is the single source of truth across both products. The public license API used by extensions stays unchanged; only the internal storage location moved. A one-shot migration runs on first admin load — legacy plugin license stores are copied into Flavor Core's encrypted store and the legacy files removed. No customer action required. Requires Flavor Core v2.4.0+.

Fixed

  • Faster checkout for B2B carts. Stock validation on order submission was loading product/variant data one row at a time — 10-item carts hit 10 sequential database queries; 50-item B2B carts hit 50. Now batched into 1-2 queries regardless of cart size. Saves ~20-40ms on typical carts, more pronounced on large B2B orders.
  • Faster plugin option saves (~20-40ms per save) — every "Save" button on every plugin settings tab is now half the database cost.

[9.1.2] - 2026-04-30 — Patch: security hardening + admin performance + Hub channel coordination

Patch release closing 5 security improvements, 2 admin-path performance wins, and the plugin-side wiring for the Release Channels infrastructure (Stable / Beta).

Fixed

  • License expiration now strictly enforced. Closes a grace-period exploit where a lapsed license could keep working if the license server was unreachable. The plugin and theme now apply identical expiration rules.
  • License gate tightened. Removed an extension point that could be abused to bypass premium feature gates. Legitimate telemetry hooks remain via a read-only event.
  • Webhook replay protection across all payment gateways. Stripe, PayPal, Viva Wallet, Everypay, Nexi, NBG, and Eurobank webhooks now detect and silently ignore duplicate deliveries — prevents duplicate refund / cancel processing under provider retry storms.
  • Cart access errors recover automatically. When a customer's browser cookie diverges from the cached cart ID (private browsing, cookie cleanup, 7-day cookie expiry), the cart silently re-syncs from the cookie instead of returning a permanent error.
  • Gateway secrets masked in admin views. API keys, webhook secrets, merchant credentials, and myDATA credentials now show as ***<last4> in REST responses — preserves visual recognition without leaking the full secret to logs or browser dev tools.
  • Email-check privacy improvement. The /checkout/check-email endpoint now returns a single boolean instead of 4 differentiated fields — hides which type of account a given email belongs to.
  • Admin page load ~50× faster on cold cache. Eliminated redundant table-existence checks on every admin page load. After server restart or migration deploy, admin pages now load in ~30ms instead of ~1.76s.
  • Role registration deduplication. Shop roles and capabilities are now re-registered only when the schema actually changes (plugin update, capability matrix change, custom role CRUD) — previously fired on every admin page request.
  • Component installer coordinates with Release Channels. Plugin component downloads now declare the site's chosen update channel (Stable or Beta) on Hub calls. Pairs with the Flavor Core channel selector at Flavor → Settings.

[9.1.1] - 2026-04-28 — Patch: license auto-recovery + cross-product log coordination

Sibling patch to Theme v5.1.1 and Flavor Core v2.2.1.

Fixed

  • License recovery now self-heals. Same defensive recovery as the theme: when the local plugin license token drifts from the Hub's record, component downloads recover transparently in a single round-trip instead of returning a 403 error and requiring a manual deactivate-reactivate-reinstall cycle.
  • Plugin install flow now cooperates with theme update window. The plugin's component install requests now refresh the cross-product update flag, so the theme's debug log stays clean through the whole install cascade — not just the first phase. Requires Theme v5.1.1+ and Flavor Core v2.2.1+.

[9.1.0] - 2026-04-27 — Security hardening release

Major security release closing audit findings across payment webhooks, My Account flows, Cart & Checkout, Skroutz marketplace integration, ELTA shipping, and the licensing trust chain. Payment webhooks now hard-fail when verification secrets are missing (rather than silently accepting unsigned events). Cart and Checkout endpoints bind to the visitor's session cookie to prevent cross-session takeover. My Account password and email changes gain rate-limiting and re-authentication. ELTA shipping refuses production mode unless an explicit override is set in wp-config.php (the ELTA SOAP endpoint transmits credentials in plaintext). Requires Flavor Core v2.2+.

Added

  • Optional HMAC signing for Skroutz webhook. Set a shared secret in WP eCommerce → Marketplace → Settings to require an HMAC-SHA256 signature on every Skroutz webhook — defense in depth on top of the existing IP allowlist.
  • Webhook routing-layer protection. The payment webhook entry point now applies a 1 MB body cap, per-IP rate limit (60 requests / minute / gateway), and rejects unknown gateway IDs before reaching gateway-specific code.
  • Stronger license trust chain. Component installer validates destination paths against an allowlist and refuses unsigned packages outside developer environments. Requires Flavor Hub v1.3+ for the new fingerprint-bound download flow.

Updated

  • Skroutz webhook IP detection now uses the real connecting IP (REMOTE_ADDR) by default, no longer trusting the spoofable X-Forwarded-For header. Reverse-proxy setups can opt back in via two wp-config.php constants (WPEC_MARKETPLACE_TRUST_PROXY + WPEC_MARKETPLACE_TRUSTED_PROXIES).
  • My Account form validation is more consistent. Address and profile fields are sanitized at the input boundary and length-capped to standard limits; email changes additionally validate format and reject CRLF-injection attempts.

Fixed

  • Payment webhook signatures are now mandatory. PayPal, Everypay, Viva Wallet, Nexi, and NBG webhooks now refuse processing when the verification secret is missing, instead of silently accepting unsigned events. Configure the webhook secret in each gateway's settings to enable webhook delivery in production. Local development can use a WP_ENVIRONMENT_TYPE=development override.
  • Shop Manager privilege escalation closed. A shop manager could previously create a WordPress administrator account via the REST API; this is now blocked at the role-validation layer.
  • Cart and Checkout cross-session takeover closed. Cart and Checkout IDs are now bound to the visitor's session cookie. Attempting to access another visitor's cart / checkout returns 403. Logged-in cross-device resume continues to work.
  • Customer enumeration on /checkout/check-email rate-limited. Bulk email-existence probing is now throttled to 5 lookups per minute per IP. The same throttle applies to product review submissions.
  • Password change is now rate-limited and email change requires re-authentication. Five failed password attempts in an hour return a 429. Changing email address now requires entering the current password again. Successful password change invalidates other browser sessions.
  • Webhook bodies no longer log raw secrets. Eurobank, Viva, Nexi, and NBG: the "Received webhook" log line now runs only AFTER signature verification succeeds, and only logs identifiers (order ID, event type) rather than the full body. A defensive Logger redaction layer in Flavor Core v2.2+ provides a second layer of protection.
  • ELTA shipping refuses production mode by default. The ELTA SOAP endpoint transmits credentials over plain HTTP. Production mode is now blocked unless WPEC_ELTA_ALLOW_INSECURE_PRODUCTION is explicitly defined in wp-config.php. Test mode is unaffected.

[9.0.1] - 2026-04-24 — Debug Viewer integration

Patch release that connects the plugin's logging to the new unified Debug Viewer shipped in Flavor Core v2.1.0. Fully backward-compatible — no changes required to existing code.

Added

  • Debug Viewer integration. Plugin logs (payments, shipping, ERP, checkout, etc.) now flow into the new unified Flavor → Debug viewer — browse, filter, and download logs from a single place. Requires Flavor Core v2.1+.

[9.0.0] - 2026-04-22 — Full source-code protection

Major release: the entire plugin — core eCommerce engine, payment gateways, courier integrations, ERP backend, myDATA integration — now ships as ionCube-encoded PHP. Previously only licensing files were protected. All 15 plugin components delivered through Flavor Hub (8 payment gateways, 3 couriers, 2 marketplace feeds, ERP SPA, core bundle) are also now encrypted.

Breaking

  • Full source-code encryption. Every plugin PHP file is now ionCube-encoded in production builds, except the WordPress-required entry file (wp-ec.php). Third-party libraries under vendor/ remain unencoded (per their open-source licenses). Requires ionCube Loader 14+ on your server — already a requirement for the licensing system.
  • All Hub-delivered plugin components are encrypted. Payment gateways, courier integrations, marketplace feeds, the ERP interface, and the core bundle are now encrypted before upload.

[8.3.3] - 2026-04-22 — Debug Logs integration

Patch release connecting the plugin's logging to the new file-based debug logger shipped in Flavor Core v1.2.0. When Core is active, plugin log entries (payments, shipping, ERP, etc.) are now collected in wp-content/flavor-logs/ for easier debugging.

Updated

  • Plugin logs now flow into the Flavor Core debug logger when Core v1.2.0+ is active. Enable with define('FLAVOR_DEBUG', true); in wp-config.php.

[8.3.2] - 2026-04-21 — Cache Repository Miss Memoization

Small patch release closing a silent performance issue in the cache layer — repeated lookups for absent keys were hitting the database every time instead of being remembered within a single request.

Fixed

  • Faster admin page loads — the plugin's cache layer no longer re-queries the database for keys that are known to be absent within a single request. On fresh-install admin pages, this reduces duplicate queries by ~98%.

[8.3.1] - 2026-04-20 — Stability fixes after v8.3.0

Emergency patch release resolving four fatal errors introduced during the v8.3.0 admin refactor, plus a post-update cache fix that pairs with the parallel theme release.

Fixed

  • Category, Attribute, and Variant admin pages no longer crash when saving or deleting items.
  • Admin Orders page: Status / Payment / Fulfillment dropdowns now populate correctly (previously returned an empty list).
  • Product creation from the admin no longer fails with a fatal error when saving a new product.
  • Plugin caches and rewrite rules are now correctly refreshed after every update — paired with the matching fix in Flavor Core, this prevents storefront routes (single product page, shop archives) from breaking after an update.

Full Version History

For the complete changelog including all previous versions, contact our support team.