📢 Only bug and security updates will be provided here on WordPress dot ORG. Major updates or new features are provided directly from us.
This is a community edition of the core of CoCart. Response time for support is slower than paying customers. Thank you for your understanding.
Plugin name change showing before and after below.
Before: Headless eCommerce API for Developers
Now: CoCart – Headless REST API for WooCommerce
v4.8.4 – 21st April, 2026
Bug Fixes
- Plugin: Fixed fatal error from sprint_f() typo in database update scheduler (sprintf).
- REST API: Apply Access-Control-Allow-Credentials header correctly.
- Load Cart: Only trigger warning if hook cocart_load_cart_override was used.
- Load Cart: Fixed uncaught type error merging an empty cart value. Reported by @allkhor 👍
- WordPress Dashboard: Fixed HTML issue in the WooCommerce admin bar title.
Compatibility
- Tested with WooCommerce v10.7
v4.8.3 – 26th January, 2026
Bug Fixes
- REST API: Updating a customer address after one is placed would not update.
- REST API: Return error responses correctly so all headers return.
Changes
- Plugin: Updated broken external links throughout the plugin.
v4.8.2 – 20th January, 2026
Improvements
- Plugin: WordPress plugin checker helped resolve a few PHP code standards.
Compatibility
- Tested with WordPress 6.9
- Tested with WooCommerce v10.4
v4.8.1 – 24th November, 2025
Bug Fixes
- REST API: Updating a customer address after one is placed would not update.
- REST API: No customer data, no applied coupons or removed items in session caused undefined errors.
- REST API: Customer data was not converting correctly to return in the Session API.
- REST API: The product object was not passed correctly in the Session API for items.
- REST API: Damaged or empty cart sessions was failing in the Session API.
Improvements
- Plugin: WordPress plugin checker helped resolve a few database issues to keep up with security practices.
Compatibility
- Tested with WooCommerce v10.3
- Added support for the next CoCart Plus update.
v4.8.0 – 22nd September, 2025
What’s New?
- Authentication: Enhanced login endpoint with improved permissions control via the new hooks mentioned below.
Improvements
- Authentication: Removed priority order so our JWT Auth integration can run earlier in the process.
- Authentication: Refactored get_ip_address for better trusted proxy support and better IP address detection with additional headers.
- REST-API: Session handler now loads during the login endpoint operations.
- Security: Item keys are now restricted to 32 characters maximum for better validation.
- User Management: Refactored is_user_customer function to support additional user roles beyond just customers.
Developers
- Logging: Added informational logs for IP address detection and proxy handling.
- Introduced a new filter cocart_login_permission_callback allows additional authentication checks after basic authorization for the login endpoint.
- Introduced a new filter cocart_login_secure_auth_methods determines which authentication methods should skip additional auth checks.
- Introduced a new filter cocart_login_query_parameters allows plugins to add additional parameters to the login endpoint.
- Introduced a new filter cocart_trusted_proxies allows adding trusted proxy IPs/CIDR for secure IP detection.
- Introduced a new filter cocart_ip_headers allows customization of headers used for IP address detection.
- Introduced a new hook cocart_login_permission_granted that triggers when login permission is granted for the login endpoint.
Compatibility
- Tested with WooCommerce v10.2
v4.7.0 – 8th August, 2025
What’s New?
- Authentication: Added support for authenticating via JSON request body with clear indication for the login endpoint (API v2 ONLY).
Improvements
- Authentication: Internal refactor to return WP_Error consistently from permission checks.
- REST API: Login (API v2 ONLY) Explicit added query params for username and password.
v4.6.4 – 6th August, 2025
Bug Fixes
- REST API: Fixes both the product review and rating count.
- Feature: Fixed “Load Cart from Session” from destroying sessions once loaded due to session improvements made in WC v10.
Improvements
- Plugin: Ensure that dependent plugins can be installed/activated if the plugin is installed in a different folder name.
- Feature: “Load Cart from Session” improved session data checking.
- Session handler: Reduced duplicate session calls and optimized update_session_timestamp() database query.
- Session handler: Restored persistent_cart_update compatibility for WooCommerce v10; only active for versions lower than v10.1.
- Session handler: Overrode session_exists() and delete_session() to use CoCart’s session table.
- Load Cart: Switched from $_REQUEST to $_GET and removed the priority for load_cart_action.
- Load Cart: Re-enabled initialize_cart_session() and stopped destroying cookies when loading carts.
Deprecated
- Action hook cocart_load_cart_override is no longer used.
v4.6.3 – 27th July, 2025
Bug Fix
- REST API: Fixes identifying namespace and routes in the WordPress REST API Index if not set should they already be filtered out.
v4.6.2 – 25th July, 2025
Bug Fix
WooCommerce v10 caused a cache issue due to a change in the many times session data is handled.
Improvements
- Plugin: Session handler optimized – New sessions created first, then auth users if no cart requested.
- Plugin: Session handler – Removed the need to set cart hash at the start.
- Plugin: Session handler – Added a warning log for when the session data must have really screwed up.
- Plugin: Session handler – Added max expiration exceed limit to 30 days to avoid performance issues and the session table growing too large.
- REST API: Check REST request is CoCart before maybe loading cart or filtering served requests.
- REST API: Fixed deprecated functions still called in Products API.
- REST API: Authentication and CORS optimized to parse data less allowing for a faster response.
- REST API: Moved global headers to be filtered in rest_pre_serve_request instead of CoCart_Response which is not used for Products API.
- Plugin: Moved the cart cache to load once WooCommerce has loaded instead of only during the REST API.
Developer note: Cart cache allows for items with custom pricing to be calculated on the native site and not just via the REST API to keep consistent with calculations.
Requirements
- WooCommerce v9 minimum is now required for CoCart but for best performance recommend using v10+
Compatibility
- Tested with WooCommerce v10.0.4
v4.6.1 – 21st July, 2025
Bug Fixes
- REST API: Fixed undefined array key errors with cart session when cart is empty. Solves Issue #533
- REST API: Fixed removing an item using the update endpoint when it thinks quantity value is not numeric.
Compatibility
- Tested with WooCommerce v10.0.3
v4.6.0 – 26th June, 2025
This release is a compatibility release for the next WooCommerce release.
What’s new?
- WordPress dot ORG: Added a Playground blueprint.
Changes
- Plugin: Branding for CoCart has been updated.
- Plugin: Styling for CoCart pages have been improved and more consistent on all pages by reducing conflicts with WordPress and WooCommerce styling.
Improvements
- REST API: Basic authentication is detected much better.
- REST API: Authentication failures now has debug logs.
- WordPress Dashboard: Semantic markup overhaul for better screen reader interpretation.
- WordPress Dashboard: Setup wizard and Support pages have been updated.
Compatibility
- Tested with WooCommerce v10.0
v4.5.0 – 31st May, 2025
This release will most likely be the last update released on the WordPress plugin directory with anything NEW added.
What’s New?
- REST API: Products can now be filtered to return only products by brand names.
Bug Fix
- REST API: Added missing option for allowing to order products by random. Solves issue #516
Plugin Details
- Plugin: Updated links for documentation.
- WordPress Dashboard: Updated link for upgrade page.
- WordPress Dashboard: Plugin action links are added after now, not before.
Compatibility
- Tested with WooCommerce v9.9
v4.4.0 – 16th May, 2025
This release focuses on supporting such tools like ManageWP, MainWP, Blogvault etc.
Changes
- WordPress Dashboard: Database updates now run automatically if needed. Resolves issue #511
- WordPress Dashboard: Sessions now transfer automatically for new installs.
- Session: Cart session expiration’s are now matching the default expiration WooCommerce set for better compatibility and abandoned cart support.
- Session: Cart session expiration for logged in users renew daily and expire in a week. This is to keep carts persistent for logged in users.
Note: The session expiration’s can still be filtered back to the previous values but that would mean it would match the expiration for logged in users.
Third Party Support
- Plugin: LiteSpeed Cache will now exclude CoCart from being cached. Commit
Developers
- Filter cocart_cart_expiring added parameter is_user_logged_in() to allow the expiration for logged in users to be filtered.
- Filter cocart_cart_expiration added parameter is_user_logged_in() to allow the expiration for logged in users to be filtered.
Internal
- Improved the logger. Commit
- Added logs for database update procedure. Commit
Deprecations
- Filter cocart_log_entry_name no longer used.
- Filter cocart_log_entry_version no longer used.
- Filter cocart_log_entry_source no longer used.
- Filter cocart_setup_wizard_store_save_next_step_override no longer used.
v4.3.30 – 27th April, 2025
Bug Fix
Improvement
- REST API: Variation attribute data is now sanitized. Labels are converted to names (e.g. Size to pa_size), and values are cleaned.
Compatibility
- Tested with WordPress v6.8
v4.3.29 – 10th April, 2025
Bug Fix
- REST API: Package details would not return but showed fine in shipping meta.
Improvements
- REST API: Optimized fetching the cart in all Cart API endpoints.
- REST API: Shipping now fully respects the shipping settings.
Dev note: Meaning if you have requested that the customer provides the shipping address first before shipping is calculated, then no shipping methods will return until it’s provided.
Compatibility
- Tested with WooCommerce v9.8
v4.3.28 – 6th April, 2025
Bug Fix
- REST API: Fixed unidentified item key when adding grouped products.
v4.3.27 – 3rd April, 2025
Bug Fix
- REST API: Undone a change to fix any WooCommerce cookies from setting with the Cart API. Related to fixing persistent cart back in November last year.
v4.3.26 – 1st April, 2025
Bug Fix
- REST API: Fixed critical error when adding an item and asking to return the item details. Solves issue #509
Improvements
- REST API: Corrected and added missing schema information for Cart API v1.
- WordPress Dashboard: Tweaked plugin screen modal for listing untested plugins.
Requirement change
- WordPress 6.3 is the new minimum version required.
v4.3.25 – 17th March, 2025
Bug Fixes
- Plugin: Failed to activate fully when network activated due to how admin notices where set. – Bug Report
- WordPress Dashboard: Plugin suggestions was not letting you press the “Install Now” button.
v4.3.24 – 10th March, 2025
Bug Fix
- Fixed a few typo’s in the session handler.
Improvements
- WordPress Dashboard: Improved detection of a suggested plugin hosted on WordPress dot ORG and from a third party.
- WP-CLI: Update command now asks for confirmation before proceeding.
v4.3.23 – 3rd March, 2025
Bug Fixes
- Authentication: Changed access for setting an authentication error from protected to public. Allowing other authenticators to not fail when an error does occur.
- WP-CLI: When updating the plugin, we don’t need to include the install class again.
Improvements
- Database: Simply modified the structure for columns that were BIGINT UNSIGNED to bigint(20) unsigned.
- Session handler: Guest carts will now have a prefix t_ before the cart key provided. This matches with WooCommerce session handler where it maybe used by 3rd party plugins or web host configurations to identify if the session is for a guest user.
Dev note: This affects only new guest sessions.
Compatibility
- Tested with WooCommerce v9.7
v4.3.22 – 26th February, 2025
Corrections
- REST API: Schema corrections for cart endpoint.
- REST API: Schema corrections for items endpoint to match cart schema.
For Developers
- Moved filter cocart_get_customer_{field} after value instead of using it only when there is no value returned for a customers field. Replace {field} with the section prefix followed by the field name. e.g. billing_country
Developer note: This allows you to then alter values such as the billing country. See example.
add_filter( ‘cocart_get_customer_billing_country’, function( $value ) {
if ( WC()->countries->country_exists( $value ) ) {
return WC()->countries->get_countries()[ $value ];
}
return $value;
}, 10, 1);
- Introduced new filter cocart_get_after_customer_{field-type}_fields that allows you to change the customer fields after they returned. Replace {field-type} with either billing or shipping for the fields to alter.
v4.3.21 – 20th February, 2025
Improvement
- REST API: Added no-store as part of the Cache-Control header for guest users.
v4.3.20 – 8th February, 2025
Bug Fix
- REST API: Fixed product reviews not returning.
v4.3.19 – 6th February, 2025
Bug Fix
- REST API: Fixed setting a customers shipping address line 1 and 2.
v4.3.18 – 22nd January, 2025
General
- Updated link to Next Changelog for coming future major release. (v5.0)
- Improved SASS to CSS conversion.
Compatibility
- Tested with WooCommerce v9.6
v4.3.17 – 14th January, 2025
Bug Fix
- REST API: Stock status was incorrectly queried for Products API and now checks available stock statuses before filtering.
Improvements
- REST API: Version of CoCart only returns in the returned headers when debug is enabled now.
- REST API: WP_DEBUG is made sure it is defined before returning extras for developers in the store response.
Compatibility
- Tested with WooCommerce v9.5
View the full changelog here.
