-
Posts
-
Hello VillaTheme Support,
We are using WooCommerce Email Template Customizer Premium v1.2.12 on our store.
During a recent traffic spike, we had a serious incident:
Customer of order #106774 received a confirmation email addressed to their correct email, but the content was from order #106769 (order ID, name, address all mismatched).
We investigated and found:
Action Scheduler shows no duplicate or failed jobs → queue is not the cause.
VIWEC logs show multiple renderings for both orders within minutes:
Order 106769: rendered twice at 14:06:57–14:07:04 (new_order, ES).
Order 106774: rendered three times at 14:09:33–14:09:42 (completed/new_order, EN).
This suggests a race condition during rendering. Looking at the source code, the Email_Render class uses a singleton and keeps the email HTML in a property ($this->mail_content_html) until injected via woocommerce_mail_content. If multiple emails are processed in the same request, the buffer can be reused between orders.
We need your guidance on:
Does the plugin use global state (singleton, shared buffer) for rendering, and could this cause cross-order contamination under concurrency?
Is there a way to force per-order isolated rendering (e.g. always instantiate a new Email_Render)?
Can we safely disable all caching/state in VIWEC, or apply a patch to ensure $this->mail_content_html is reset and the filter removed after each send?
Have you encountered similar reports, and is there an official fix or update?
This is a data protection incident for us, so we need urgent advice to ensure no further customer data mix-ups.
Thank you for your prompt support.
Best regards,
EI
You must be logged in to see replies to this topic. Click here to login or register