Hi @neverendlessly ,
Thanks for reaching out!
The warning you mentioned — Undefined variable $order_id — along with the changes in email layout and language, may be related to the new Email improvements feature introduced in recent WooCommerce updates.
Could you please try disabling this feature by going to WooCommerce → Settings → Advanced → Features and toggling off “Use new email design”? That should help restore the previous layout and potentially resolve the warning as well.
Also, are you currently using a custom email template or any custom code for email modifications? Let us know so we can better assist.
Looking forward to your update!
Hello and thanks a lot for your help!
We disabled the new email layout:
– the good news is that the template came back to our original local language
– the bad one is that the warning is still there unfortunatelly.
Please let us know what do you mean by “custom email template or any custom code for email modifications”. Where can we check where/if we put a custom code for email?
– We have translated the original tempalte in WooCommerce → Settings → email
– We are also using a plugin for translations (Loco translate) but we do not think is related to this
– We are also using Easy WP SMTP
– Also related to WC we are using: Perfect Brands for WooCommerce, Product Subtitle For WooCommerce, WooCommerce PayPal Payments, WooCommerce Tax, WooCommerce Weight Based Shipping but again that should not be related
Many thanks for your time and help and looking forward to reading you for further suggestions!
Kind regards
Hi there!
Thanks for the update!
The error message: “Warning: Undefined variable $order_id in class-xlwuev-woocommerce-confirmation-email-public.php on line 263” means that a PHP variable named $order_id is being used in the code on line 263 of that specific file, but it hasn’t been assigned a value (it’s “undefined”) before it’s used.
This file name, class-xlwuev-woocommerce-confirmation-email-public.php, strongly suggests this warning is coming from a third-party plugin related to WooCommerce confirmation emails. “XLWUEV” appears to be part of the plugin’s unique identifier or slug.
To assist you further could you please shared the System Status Report which you can find via WooCommerce > Status. Please use https://pastebin.com/ or https://gist.github.com/ and share a link to that paste in reply here. Once we have more information, we’ll be able to assist you further.
In the meantime, If you’re not aware of any custom code added for email handling, I recommend doing a quick conflict test:
- Temporarily switch to a default theme like Twenty Twenty-Five
- Deactivate all plugins except WooCommerce
- Place a test order and check if the issue still occurs
This will help determine if the problem is coming from another plugin or a theme conflict.
Hello all and thanks for your help!
We identified that the issues is related to “Woocommerce User Email Verification” plugin.
In fact, once we deactivated the plugin the warning message disappeared and if we activat it back the issue return exactly the same.
On the other hand we really need this plugin to be avoid bot customer registrations and to be sure that there’s a real person willing to register to our site.
Can you please suggest how investigate further to:
1) avoid this warning message
2) if you see a vulnerability report about this WordPress plugin and you suggest to use another method
Many thanks!
Sorry, just to add a piece of information, this Woocommerce User Email Verification plugin is from XLPlugins.
Thanks
Hi @neverendlessly ,
Thanks for the update, and great job identifying the issue with the WooCommerce User Email Verification plugin by XLPlugins. Since the warning disappears when it’s deactivated, we recommend reaching out to XLPlugins support directly and ensuring the plugin is up to date.
We don’t track vulnerabilities for third-party plugins, but you can check sites like patchstack.com or wpscan.com. If the plugin isn’t actively maintained, you might want to consider alternative solutions for email verification.
That said, we’d truly appreciate it if you could leave a review and share your experience:
https://ww.wp.xz.cn/support/plugin/woocommerce/reviews/
Thanks again, and happy selling!
Thanks a lot @mahfuzurwp
Woocommerce User Email Verification plugin is from XLPlugins. What we found strange is that in their site https://xlplugins.com/ it seems it’s no longer among their plugin anymore. We also read in another post (wordfence) that the plugin “is vulnerable to authentication bypass”, so we deactivated and want an alternative.
Could you please suggest an alternative that is reliable, completelly supported and updated?
Thanks a lot for yourhelp and for sure we will leave a very positive review for your kind and professional support!
Hi @neverendlessly,
Thanks so much for your kind words, I really appreciate it!
Since the XLPlugins “WooCommerce User Email Verification” plugin is no longer listed on their site and has known security concerns, it’s a good decision to look for an alternative.
A solid free option you can consider is Emails Verification for WooCommerce. If you’re looking for something more robust and officially supported, the premium Customer Email Verification extension on WooCommerce.com is another great choice.
That said, while I’m happy to share suggestions, please note that using third-party plugins is at your own discretion. Make sure to test any plugin in a staging environment and review compatibility with your existing setup.
Hello @mahfuzurwp and once again thanks a lot for your immediate support.
We saw that the plugin has been used only from thousand of site while we know that the numbers for Woocommerce are in terms of milions. So are there some other options to block bot to register fake user in Woocommerce. for example we have been also using reCAPTCHA for WooCommerce by Elliot Sowersby, RelyWP. Is this enough to block fake registration, do you advice other recapcha and/or other methods base on your great experience?
Many thanks!
Kind regards
Hi @neverendlessly,
Thank you for reaching out and I completely understand how frustrating fake user registrations can be.
You’re already on the right path using reCAPTCHA for WooCommerce by RelyWP — it’s a solid tool. Just ensure it’s properly set up for your registration and login forms, and consider using reCAPTCHA v3 or the invisible version of v2 for better protection without disrupting real users.
Additionally, I recommend setting up limits on login and registration attempts. This helps stop bots from repeatedly trying to register or break in, and plugins like Limit Login Attempts Reloaded can handle this easily or any other security plugin.
hello, @mosesmedh) thanks a lot for your feedback.
We have been using Wordfence. Do you know and if this Limit Login Attempts Reloaded is one of the options and how to check it please?
Many thanks
Hi @neverendlessly,
Yes, Wordfence includes login attempt limiting as part of its security features. However, since it’s a third-party plugin, I can’t speak in detail about all of its functionalities. For more specific guidance, I recommend posting your question directly on their support forum here: https://ww.wp.xz.cn/support/plugin/wordfence/.
Alternatively, you could consider using a dedicated plugin like WP Limit Login Attempts or similar tools focused solely on managing and restricting login attempts.
