The WooCommerce CyberSource Payment Gateway v2.5.0 — released May 10, 2026 — delivers the most security-focused update the plugin has shipped. This release adds P12 certificate authentication for both SOAP and REST, promotes the Simple Order API to a first-class integration type, and brings full WooCommerce Subscriptions support to SOAP merchants. Here’s exactly what changed and what you need to do before upgrading.
In This Article
What’s New in the WooCommerce CyberSource Payment Gateway v2.5
Version 2.5 focuses on three areas: certificate-based authentication, a fully promoted SOAP integration path, and subscription support parity for SOAP merchants. If you have been waiting on any of these to move your CyberSource setup forward, v2.5 is the update that unblocks you.
P12 Certificate Authentication for SOAP and REST
CyberSource has been rolling out stricter authentication requirements across merchant accounts, and v2.5 brings the WooCommerce CyberSource Payment Gateway fully in line with those standards. Both the SOAP (Simple Order API) and REST API integrations now support P12 certificate authentication — the X.509-based credential format CyberSource uses for WS-Security and JWT signing.
The implementation covers the practical details merchants actually need:
- Separate Live and Test P12 certificate fields for both SOAP and REST — no sharing credentials across environments
- “Test P12 Connection” buttons in settings to validate a certificate before pushing it live
- Automatic expiry checking with admin warning notices before a lapsed certificate takes down your checkout
- Full logging for all SOAP and REST P12 operations with sensitive fields masked, so troubleshooting never requires guessing
If CyberSource flagged your account for mandatory certificate-based authentication, this update removes the last blocker to running the plugin on the newer security tier.
Simple Order API (SOAP) — Now a First-Class Integration Type
SOAP support has been part of the WooCommerce CyberSource Payment Gateway for years, but until v2.5 it sat in the background without full feature parity. This release makes the Simple Order API a proper selectable Integration Type — available from the plugin settings dropdown alongside Hosted Checkout and Checkout API — with complete feature support to match.
Selecting SOAP as your integration type now gives you:
- WooCommerce Blocks checkout support for SOAP transactions
- WooCommerce Subscriptions support with automatic renewal billing via CyberSource Recurring Billing
- Saved payment tokens and My Account payment method management
- A refactored
CybsClient.phpwith cleaner request handling and proper P12 certificate support
This matters most if your CyberSource account runs SOAP as its primary interface. It also applies if you integrate WooCommerce alongside other systems that use CyberSource’s SOAP API and need a consistent authentication model.
WooCommerce Subscriptions + SOAP: Full Automatic Renewal Support
The headline addition for SOAP merchants: the complete WooCommerce Subscriptions workflow now works end to end, matching the subscription support Checkout API merchants have had since v2.0.
- Subscription checkout with tokenized payment method saved at purchase
- Automatic renewal billing via CyberSource Recurring Billing over SOAP
- Payment method updates from the customer’s My Account → Payment Methods page
- Renewals run correctly under P12 authentication — no extra configuration needed
If your store runs recurring billing on SOAP, subscriptions now renew automatically. No manual steps or cron workarounds required.
REST API JWT Authentication Improvements
For stores on the REST API path — Checkout API and Unified Checkout — v2.5 fixes how JWT tokens get signed. The WooCommerce CyberSource Payment Gateway now signs REST API tokens using RS256, the algorithm CyberSource requires for certificate-based REST authentication, with improved internal handling for key loading and request signing.
This runs silently under normal operation, but it makes P12-authenticated REST calls reliable on PHP 8.1+ and eliminates deprecation warnings and intermittent signing failures.
Bug Fixes and PHP 8.1+ Compatibility
- Fixed PHP warnings for inherited class properties
- Fixed SOAP script loading in subscription integrations
- Fixed WooCommerce Blocks payment processing for SOAP
- Fixed saved token handling and card validation in Blocks checkout
- Fixed fatal error with billing email in the Blocks checkout context
- Fixed SOAP subscription renewals under P12 authentication mode
- Fixed PHP 8.1+ deprecation warnings in
SoapClient::__doRequest()
If you run PHP 8.2 or 8.3 and see notices in your error log, this update clears them.
Should You Upgrade Now?
Here’s a quick read on who this update is urgent for versus nice-to-have:
| Your situation | Priority |
|---|---|
| CyberSource flagged your account for mandatory P12 auth | Upgrade immediately |
| Running PHP 8.2 or 8.3 with deprecation notices | Upgrade soon |
| SOAP integration and need WooCommerce Subscriptions | Upgrade to unlock |
| Hosted Checkout or Checkout API, no P12, PHP 8.0 or earlier | Upgrade when convenient |
How to Enable P12 Authentication After Upgrading
Version 2.5 is a drop-in update — your existing Hosted Checkout and Checkout API settings carry over unchanged. To enable P12 certificate authentication:
- Export your P12 certificate from the CyberSource Business Center
- Enter the certificate file and passphrase in the new Live/Test P12 fields in plugin settings
- Click “Test P12 Connection” to confirm authentication before switching live traffic over
If you stay on legacy key-based auth for now, no settings changes are needed — the WooCommerce CyberSource Payment Gateway continues working exactly as before.
The 2.x Series at a Glance
| Version | Release | What landed |
|---|---|---|
| v2.0 | Early 2026 | WooCommerce Subscriptions, webhooks, saved cards, Blocks support |
| v2.1.1 | Apr 13, 2026 | Security hardening: HMAC timing-safe comparison, PCI log masking, XSS escaping, HPOS fix |
| v2.2.0 | Apr 25, 2026 | Unified Checkout — Google Pay, Apple Pay, Paze, Click to Pay |
| v2.5.0 | May 10, 2026 | P12 certificate auth (SOAP + REST), SOAP as selectable integration type, full SOAP Subscriptions |
Frequently Asked Questions
Does the WooCommerce CyberSource Payment Gateway support P12 certificate authentication?
Yes. Version 2.5 adds full P12 certificate authentication for both the SOAP (Simple Order API) and REST API integrations. It includes separate Live and Test certificate fields and a Test P12 Connection button to validate before going live.
Does version 2.5 support WooCommerce Subscriptions with SOAP?
Yes. Version 2.5 brings the full WooCommerce Subscriptions workflow to the SOAP integration path, including automatic renewal billing via CyberSource Recurring Billing, saved payment tokens, and payment method management from My Account.
Is upgrading to v2.5 a breaking change?
No. Version 2.5 is a drop-in update. Existing Hosted Checkout and Checkout API settings carry over unchanged. P12 authentication is opt-in — only configure it if your CyberSource account requires it.
Which PHP versions does the WooCommerce CyberSource Payment Gateway support?
The plugin supports PHP 7.4 through PHP 8.3. Version 2.5 specifically fixes deprecation warnings introduced in PHP 8.1 and resolves compatibility issues on PHP 8.2 and 8.3.
Get the WooCommerce CyberSource Payment Gateway
The WooCommerce CyberSource Payment Gateway is available on CodeCanyon. Your purchase includes all 2.x updates — no separate upgrade fee, no subscription required. Already a customer? Download v2.5 from your CodeCanyon account and upload it via Plugins → Add New → Upload Plugin in your WordPress dashboard.
Need help with the WooCommerce CyberSource Payment Gateway P12 setup or choosing the right integration type? Check the setup documentation or reach out through support — I respond within one business day.