Version 4.0.1 is a focused maintenance release that hardens security, fixes a couple of Shipping Carriers issues, and makes the carrier screen feel noticeably snappier.
π Security SQL Injection Fix (CVE-2026-57773) β Hardened the CSV Import against a SQL injection vulnerability reported via Patchstack. The affected query now uses a fully parameterized statement. We recommend all users update to 4.0.1.
π Bug Fixes Bulk Carrier Removal β Fixed the “Remove Selected” button in the “All Carriers Selected” state, which previously did nothing when clicked. Selection Banners β The “carriers selected” and “all carriers selected” notices no longer appear at the same time.
β‘ Performance Instant Edit Modal β The Edit Shipping Carrier window now opens instantly, with no loading delay.
π§ Compatibility Tested with WooCommerce 10.9.3