Hi, friend. 👋

Welcome to Issue #203 of Loop WP!

Last week, we looked at Maarten Belmans’ (Studio Wombat) updated report on block vs classic checkout adoption across 15,000 WooCommerce stores.

This week was meant to be about Ollie WP and WooCommerce, but some very big news came up about major bugs in WooCommerce Subscriptions that have cost users potentially millions, if not more (depending on what you read), in lost revenue.

Let’s go! 👇

Four bugs in WooCommerce Subscriptions silently killed automatic payments for years

😬 Some WooCommerce store owners are only just discovering they've been missing subscription renewal payments.

Not because their payment gateway failed or customers churned, but because a series of bugs deep inside the official WooCommerce Subscriptions plugin quietly flipped their subscriptions from automatic to manual billing, without a single notification.

Woo has now confirmed the bugs, is shipping a patch and a diagnostic tool this week, and plans to notify affected customers.

The Bugs

At the heart of this story is a database flag called _requires_manual_renewal.

When it's set to true on a subscription, WooCommerce treats that subscription as requiring a manual payment: instead of automatically charging the customer's saved card on renewal day, it sends them an invoice and waits.

Their subscription goes on hold until they log in and pay, or it lapses.

That flag is supposed to be set intentionally. The problem is that four bugs in WooCommerce Subscriptions were silently setting _requires_manual_renewal = true on subscriptions that had perfectly valid payment methods.

🚨 The subscriptions looked fine in the dashboard. No failure emails went out. Payments weren't failing; they just weren't happening.

Sybre Waaijer, founder of The SEO Framework, surfaced the issue publicly on X after reporting one bug to Woo and then discovering three more during a full audit of his own store.

He found 121 of his subscriptions had been affected and estimated he'd lost $43,274 in potential revenue.

The four bugs all share the same failure mode but trigger at different points:

Bugs 1 - 3

These could break subscriptions from the moment of checkout. One was traced to a stale cache bug: after saving subscription dates, the order cache was never cleared, allowing subsequent saves to serve a stale object with the flag still set.

According to Waaijer, these collectively accounted for roughly 7% of subscriptions being broken from day one. Customers paid successfully, but automatic renewals never fired.

Bug 4

This is a subscription switching bug. When a customer upgrades or downgrades their plan, a function should reset the manual renewal flag.

But it contains a logical short-circuit: if the payment gateway after the switch is the same as before, the code bails out early without ever clearing the flag.

Waaijer discovered this one two days before going public, when a customer he'd helped upgrade was put on hold for a missed payment despite having valid payment methods on file.
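
The short-circuit described for Bug 4, as an added illustration that is not code from WooCommerce Subscriptions or from Waaijer's report. The class, both function names and the gateway id are hypothetical, and the corrected variant is one possible fix, not Woo's actual patch.

```php
<?php
// Added illustration, PHP 8+. Class, function and gateway names are hypothetical.
final class Subscription
{
    public function __construct(
        public string $gateway,
        public bool $requiresManualRenewal,
    ) {}
}

// Flawed pattern: returning early when the gateway is unchanged also skips
// the line that clears the manual-renewal flag.
function applySwitchFlawed(Subscription $sub, string $newGateway): void
{
    if ($newGateway === $sub->gateway) {
        return; // a wrongly set flag survives the switch
    }
    $sub->gateway = $newGateway;
    $sub->requiresManualRenewal = false;
}

// One possible correction (assumption): reset the flag before the
// same-gateway comparison, so the shortcut only skips the gateway update.
function applySwitchCorrected(Subscription $sub, string $newGateway): void
{
    $sub->requiresManualRenewal = false;
    if ($newGateway === $sub->gateway) {
        return;
    }
    $sub->gateway = $newGateway;
}

// Constructed sample: a subscription whose flag was set in error earlier,
// then switched to another plan on the same gateway.
$a = new Subscription('example_gateway', true);
$b = new Subscription('example_gateway', true);
applySwitchFlawed($a, 'example_gateway');
applySwitchCorrected($b, 'example_gateway');

var_dump($a->requiresManualRenewal); // flawed path
var_dump($b->requiresManualRenewal); // corrected path
```

The model resets the flag on every switch and does not represent a customer who deliberately chose manual renewal.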

💡 Three of the four bugs had been patched in earlier versions of WooCommerce Subscriptions. But Waaijer says the changelog entries were vague and no advisory was ever published.

🚨 Merchants had no way to know they were affected or that existing broken subscriptions needed to be fixed manually.

"For 7+ years (we have data from 2017–2024). Automatic payments NEVER fired for these subscriptions," Waaijer wrote. "The only way to know they were broken was if the customer noticed they lost access and contacted support, or if the merchant audited their database manually."

Who's affected

🚨 Woo's Director of Communications, Jay Walsh, told The Repository that only stores running WooCommerce Subscriptions with HPOS (High-Performance Order Storage) enabled between approximately August 2023 and May 2024 are known to be affected by the four bugs.

No new subscriptions have been affected since May 2024.

But stores that were running HPOS during that window may have subscriptions sitting in a broken state right now, with automatic payments silently disabled and no indication that anything is wrong.

💡 Importantly, upgrading to a patched version of the plugin does not automatically fix historic subscription records. Those need to be found and remediated separately.

Walsh confirmed: "These bugs could have silently set subscriptions to 'manual renewal' during checkout — stopping automatic payments without notifying merchants or customers."

How to check if you are affected

Two diagnostic options are available:

Woo's own Health Check tool is shipping this week.

It will let merchants scan their store, identify affected subscriptions, and decide how to handle them, without making any automatic changes to customer accounts.

Watch the WooCommerce Status Tracker and the Woo Developer Blog for the rollout.

🚨 Sybre Waaijer's SQL diagnostic is available now.

The queries cover both HPOS and the older CPT storage. Section 1 is a quick-check query that returns the count of affected subscriptions. If it returns 0, you're likely fine.

Section 5 estimates revenue loss by comparing expected renewals against renewals actually collected. Section 6 contains the remediation UPDATE queries.

💡 If you go the SQL route: back up your database before running anything in Section 6, read each query before running it, and ideally test on a staging copy first.

A few things the fix does not do:

  • It won't retroactively charge missed renewals,

  • It won't reactivate cancelled subscriptions,

  • It won't touch subscriptions where a customer deliberately turned off automatic renewals.

How bad is the damage?

🧠 The truth is nobody knows yet. The incoming Health Check tool will help the ecosystem get a clearer picture.

Waaijer's own store is relatively small. His $43,274 estimate prompted other store owners to check their numbers.

Adam Preiser, co-founder of competing subscription plugin SureCart, reposted Waaijer's thread and said a quick check of one of his smallest WooCommerce stores showed $37,000 in lost annual subscription revenue and an estimated $100,000 in total.

In a follow-up post, he suggested the collective merchant impact could run into "hundreds of millions of dollars."

💡 Woo pushed back on that framing. "The revenue loss estimates in the public discussion assume subscriptions would have renewed indefinitely, which overstates the actual impact," Walsh said. "Right now, we're focused on giving merchants accurate data for their own stores rather than debating aggregate estimates."

Waaijer's own extrapolation sits somewhere in the middle: "Our store is small. WooCommerce Subscriptions powers hundreds of thousands of stores. If 7% of subscriptions were silently broken across even a fraction of them, we're looking at potentially millions of dollars in spoiled revenue industry-wide that could have been prevented. Perhaps even billions."

What Woo is doing

Beau Lebens, Woo's Artistic Director/Lead, responded to Waaijer on X, confirming the issue had leadership attention and that Woo was "determining how best to provide folks with remediation."

Since then, Woo has moved quickly:

  • A patch is shipping within 24 hours of The Repository's reporting (April 22nd)

  • A Subscriptions Health Check tool is scheduled to follow shortly, and Woo plans to reach out directly to WooCommerce Subscriptions customers.

  • A full write-up is coming on the Woo Developer Blog, and an initial update is already live on the WooCommerce Status Tracker.

So who's liable for the lost revenue?

🚨 None of these points is legal advice (I am not a legal or licensing expert), and liability is a point of confusion.

Almost certainly nobody, in any legally actionable sense, though the picture is slightly more nuanced than a flat "no."

The GPL is explicit

💡 WooCommerce Subscriptions is GPL-licensed software. It is provided "AS IS" without warranty, with no liability for lost profits.

Automattic's Terms of Service reinforce this, capping liability in most cases at the greater of $50 or fees paid in the prior twelve months. You're paying for access to updates and support, not a warranty.

The one real caveat

Automattic's terms include carve-outs where local law doesn't allow full exclusion of liability, notably relevant for merchants in the UK and EU, and for cases involving gross negligence or wilful misconduct.

💡 Those exceptions aren't a clear path to compensation, but they mean the blanket "no liability" picture isn't universal. If you're in those jurisdictions and your losses are material, it's worth getting specific legal advice rather than assuming the ToS is the final word.

The moral argument is a different matter. Merchants affected by this bug may have lost thousands in missed recurring revenue over months or years, with no warning, through no fault of their own.

That harm is real, and Waaijer's point about vague changelogs and the lack of an advisory is well taken.

If you know you've shipped a bug that could be silently draining merchant revenue, there's a reasonable case that customers deserve more than a quiet patch note.

Remember, Woo is working on this. The Woo Developer Blog post and the Health Check tool are coming "this week" and could arrive very shortly after this newsletter is published.

What can you actually do if you've been affected?

🚨 None of these points is legal advice (I am not a legal expert):

  • If you're within your annual subscription period, contact Woo support and document the impact. Financial compensation is unlikely but worth trying.

  • More practically, some subscribers who stopped receiving automatic charges may have assumed their subscription had expired or that you had cancelled them.

  • A targeted re-engagement campaign that acknowledges a billing issue on your end may help recover some of them.

  • And whatever you do, don't retroactively charge customers for missed periods without their knowledge.

That’s it for this week, friend. 👋

If you have a question about this email or WordPress, please reply, and I will respond as soon as possible.

👋 Until next time,
