Long-Running WooCommerce Bug May Have Cost Stores Millions in Lost Revenue


A series of previously patched bugs, along with a recent unpatched one in the WooCommerce Subscriptions plugin, has silently disrupted automatic payments for years, potentially costing merchants significant revenue.

The issue was uncovered and reported by Sybre Waaijer, the founder of The SEO Framework, and Troy who found an issue that broke subscription payments after product changes. The Woo team has addressed this bug and will be releasing a patch and a diagnostic tool this week to help merchants resolve it.

Estimated Revenue Impact

Sybre Waaijer pointed out that more than 100,000 stores are running the WooCommerce Subscriptions plugin, warning that many may not be aware their payments are affected.

He estimated the potential scale of the impact: “Any store with $1M ARR could be missing $700k+ in revenue.”

Waaijer said it all started when he reported a bug to WooCommerce after discovering that subscription payments could silently fail following a product switch: “Yesterday, I reported a bug to WooCommerce that silently broke subscription payments after a product switch.”

Explaining the bug in detail, he said, “When a customer upgrades or downgrades their subscription, the switcher flags the subscription as manual renewal; it only corrects the flag if the payment gateway changes.”

He pointed out that this can leave subscriptions stuck in manual mode even when a valid payment method is on file. He noticed the problem after a customer account was placed “On Hold” following a missed renewal.

This led him to review the code: “Then I got worried: if they missed something this obvious, what else did they get wrong? So I started auditing.”

Waaijer said the audit uncovered three more bugs and showed that he, too, had lost revenue: “I had found three more bugs. There were 121 affected subscriptions, and $43,274 in lost revenue.”

Last year, Woo underwent a major rebrand along with an update to its product strategy, which makes it surprising that a bug of this scale could go unresolved for so long: “Based on what we’ve heard from our customers and the community, we’ve shifted from building a collection of plugins and services toward creating a more comprehensive, integrated platform that will power the future of online selling. We’re integrating more essential tools into the core platform and improving our functionality and user experience to make WooCommerce easier to use out of the box.”

Subscription Renewal Flag at the Center of the Issue

Sybre Waaijer said the issue centers on how WooCommerce Subscriptions uses an internal flag to determine whether a subscription renews automatically or requires manual payment.

When customers check out using payment gateways such as Stripe or PayPal, this flag is expected to be set to automatic. Waaijer described what happens otherwise: “If it isn’t, subscription renewals silently stop working: no charge is attempted, no failure email is sent, and the subscription goes on hold until the customer notices and pays manually, or doesn’t and churns.”
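A merchant-side check for the condition described above, added here as an example; it is not Waaijer's diagnostic query or Woo's tool. It assumes legacy post-based storage (`shop_subscription` rows in `wp_posts`, with `_requires_manual_renewal` and `_payment_method` in `wp_postmeta`) and runs the query against constructed rows in an in-memory SQLite database; verify the table and key names against your own store before using it.

```python
import sqlite3

# Assumption: legacy (non-HPOS) storage, default 'wp_' table prefix.
# Finds subscriptions flagged for manual renewal that still have a gateway set.
AUDIT_SQL = """
SELECT p.ID, p.post_status, gw.meta_value AS gateway
FROM wp_posts p
JOIN wp_postmeta flag ON flag.post_id = p.ID
     AND flag.meta_key = '_requires_manual_renewal'
     AND flag.meta_value = 'true'
JOIN wp_postmeta gw ON gw.post_id = p.ID
     AND gw.meta_key = '_payment_method'
     AND gw.meta_value <> ''
WHERE p.post_type = 'shop_subscription'
  AND p.post_status IN ('wc-active', 'wc-on-hold')
ORDER BY p.ID
"""

def build_sample_db():
    """Constructed rows standing in for a store database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_type TEXT, post_status TEXT);
        CREATE TABLE wp_postmeta (post_id INTEGER, meta_key TEXT, meta_value TEXT);
    """)
    db.executemany("INSERT INTO wp_posts VALUES (?,?,?)", [
        (101, "shop_subscription", "wc-active"),   # healthy: automatic renewal
        (102, "shop_subscription", "wc-on-hold"),  # suspect: manual flag, gateway set
        (103, "shop_subscription", "wc-active"),   # manual with no gateway: by design
        (104, "shop_subscription", "wc-active"),   # suspect: not yet due, still active
        (105, "shop_order", "wc-completed"),       # ordinary order, must be ignored
    ])
    db.executemany("INSERT INTO wp_postmeta VALUES (?,?,?)", [
        (101, "_requires_manual_renewal", "false"), (101, "_payment_method", "stripe"),
        (102, "_requires_manual_renewal", "true"),  (102, "_payment_method", "stripe"),
        (103, "_requires_manual_renewal", "true"),  (103, "_payment_method", ""),
        (104, "_requires_manual_renewal", "true"),  (104, "_payment_method", "paypal"),
        (105, "_payment_method", "stripe"),
    ])
    return db

def find_suspect_subscriptions(db):
    """Return (id, status, gateway) rows that need manual review."""
    return db.execute(AUDIT_SQL).fetchall()

if __name__ == "__main__":
    for row in find_suspect_subscriptions(build_sample_db()):
        print(row)
```

A hit is a candidate for review, not proof of the bug, since some subscriptions are manual by design. Stores with HPOS enabled keep this data in different tables, so the query needs adapting there.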

Three Previously Fixed Bugs That May Have Impacted Revenue

Waaijer reported that one of the issues stemmed from a cache-related bug, where subscription data was not properly refreshed after updates, causing the payment setting to remain set to manual: “After saving subscription dates, the order cache was never cleared. Subsequent saves could serve a stale object with the flag still set to its default: manual.”

He added that the issue has since been fixed in subscriptions-core 6.9.0.

The next issue involved broken data synchronization in HPOS, where subscription metadata was not properly synced due to missing methods: “Missing getter/setter methods prevented subscription metadata from being properly synced to postmeta in HPOS when data sync is enabled.”

This particular issue has since been fixed in subscriptions-core 6.5.0.

The third issue he brought to attention involved how subscriptions were created, where the system would return a freshly fetched instance instead of the configured object, causing important changes to be lost: “wcs_create_subscription() returned a freshly fetched instance from cache/DB instead of the already-configured object. Any unsaved state, including the corrected flag, was silently discarded.” This was also fixed in subscriptions-core 7.1.0.

Waaijer stressed that these three bugs together affected roughly 7% of subscriptions created at checkout, causing renewals to fail silently despite customers being successfully charged: “These three combined accounted for roughly 7% of all subscriptions created at checkout that were silently born broken, despite the customer paying successfully.”

He highlighted that the issue persisted for more than seven years, from 2017 to 2024, during which automatic payments failed to trigger and users did not receive renewal notifications, making the problem difficult to detect without manual checks: “For 7+ years (we have data from 2017–2024). Automatic payments NEVER fired for these subscriptions…. The only way to know they were broken was if the customer noticed they lost access and contacted support, or if the merchant audited their database manually.”

Vague Release Notes and Delay in Resolving Issues

Waaijer also raised broader concerns about how the issues were handled and how easily they could have been detected through code review.

He said he has long offered to help improve WooCommerce’s code quality and often identifies issues without running the software itself. “For years, I’ve offered to help WooCommerce improve its code quality and performance. I dry-run code: I find bugs by reading. All four of these bugs are clearly visible in the source without needing to use the software.”

He also criticised the fact that these issues were not resolved much earlier: “They could have been caught early. They weren’t. The incompetence is immeasurable…”

Waaijer added that the potential impact could be significant given the scale of WooCommerce Subscriptions, which powers hundreds of thousands of stores: “WooCommerce Subscriptions powers hundreds of thousands of stores. If 7% of subscriptions were silently broken across even a fraction of them, we’re looking at potentially millions of dollars in spoiled revenue industry-wide that could have been prevented. Perhaps even billions.”

He also pointed out that the issues were not clearly communicated, stating that no admin notices, emails, or advisories were issued regarding the potential impact, and that the fixes were described only vaguely in the release notes: “The fixes shipped under vague changelog lines…”

According to Waaijer, one of the fixes was labeled “Dev” rather than “Fix,” while two others did not appear in GitHub release notes. He added that no remediation tools or diagnostic guidance were provided, meaning store owners would need to manually audit their databases to determine whether they were affected.

He also highlighted that the woocommerce-subscriptions-core repository was archived in May 2025 after being merged into WooCommerce core, which he suggested makes it harder to trace the full history of fixes and changes: “The woocommerce-subscriptions-core repo was archived in May 2025 after the code was absorbed into WooCommerce core — making the fix history harder to trace.”

Waaijer also provided the diagnostic queries and remediation steps for the switch bug for store owners.

Even More Issues Left To Address

Waaijer also highlighted what he described as restrictive handling of payment gateways. He said several core methods appear to only recognise WooCommerce Payments through hardcoded checks, rather than using extensible filters or capability-based logic.

He noted that the full WooCommerce Subscriptions plugin overrides this behaviour to properly evaluate gateway support, but said the base layer does not apply the same approach, effectively limiting other gateways at core level: “The full WooCommerce Subscriptions plugin ($279/year, 3.2 stars, 100,000+ installs) overrides all three to properly check gateway capabilities, which is how it should work everywhere. But the base layer, subscriptions-core, is deliberately crippled at the class level to lock you into their gateway.”

He also brought to attention how WooCommerce hasn’t fixed an issue where it enables tracking without consent, an issue he reported back in January 2025. Waaijer also provided a list of data that WooCommerce collects.

Sybre Waaijer said the issues point to a “systemic reliability problem”, urging leadership attention: “Matt Mullenweg, as Automattic CEO: this needs leadership attention. It is a systemic reliability problem, not one bug.”

Beau Lebens (Artistic Director and overall Lead for WooCommerce) replied, “This has leadership attention. We’re looking into the combined report now, and determining how best to provide folks with remediation.”

Response from Woo

The team has acknowledged the presence of the bug, saying, “We’ve identified a bug in WooCommerce Subscriptions where the subscription switcher does not clear the manual renewal flag during same-gateway plan changes. Subscriptions that were incorrectly set to manual renewal remain stuck after upgrades or downgrades, even when the customer has a valid payment method on file.”

They are currently working on a patch as well as a diagnostic tool to help merchants find out whether they are affected: “A patch is in progress. A diagnostic tool will be released this week to help merchants identify and review any affected subscriptions.”

Community Response

Adam Preiser said, “WooCommerce users, this is an EPIC FAILURE!”

Fernando Tellado said, “If you’re using WooCommerce Subscriptions, you might be losing nearly 10% of your payments due to this bug”

Ben, the founder of LayerWP, said, “This is a bombshell, and continues to be one. How much revenue has been lost in the time this was brought to their attention?”

Phil Sola expressed concerns: “This is deeply concerning and would be interesting to hear from someone at WooCommerce on this. We’re soon to start using Subscriptions for a huge subs site and this fills me with zero confidence.”

We have reached out to the Woo team for comment and are awaiting a response.
