CVE-2026-3461
Published 2026-04-15
Priority P2 67 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.47% (37.5th percentile)
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address during guest checkout for subscription products, without verifying email ownership, requiring a password, or validating a one-time token. This makes it possible for unauthenticated attackers to log in as any existing user, including administrators, by providing the target user's email address in the billing_details parameter, resulting in complete account takeover and site compromise.
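A model of the decision a checkout handler should make instead of the behaviour described above, added here as an illustration and not taken from the plugin's code. `User`, `Decision`, `resolve_checkout_identity` and the sample accounts are hypothetical; the point is that a billing email is contact data and never selects the account to authenticate as.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class User:  # hypothetical stand-in for a site account
    user_id: int
    email: str
    role: str


@dataclass(frozen=True)
class Decision:  # hypothetical result type
    action: str              # "use_session_user", "require_login" or "new_customer"
    order_customer_id: int   # 0 = order not linked to an existing account
    login_as: Optional[int]  # account to authenticate as; None on every path


def normalize(email: str) -> str:
    return email.strip().lower()


def resolve_checkout_identity(session_user: Optional[User],
                              billing_email: str,
                              users: Iterable[User]) -> Decision:
    """Pick the order owner; billing_email is untrusted request data."""
    if session_user is not None:
        # Identity comes from the authenticated session only. A billing
        # email that belongs to someone else is just contact data.
        return Decision("use_session_user", session_user.user_id, None)
    known = {normalize(u.email) for u in users}
    if normalize(billing_email) in known:
        # Knowing an address proves nothing about owning the account:
        # stop and send the visitor through the normal login flow.
        return Decision("require_login", 0, None)
    # No existing account can be impersonated on this path.
    return Decision("new_customer", 0, None)


# Constructed sample accounts.
USERS = [User(1, "admin@example.test", "administrator"),
         User(7, "shopper@example.test", "customer")]
```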
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| visaacceptancesolutions | visa_acceptance_solutions | <= 2.1.0 | — |
GHSA
ghsa_unreviewed·2026-04-22
CVE-2026-3461 [CRITICAL] CWE-288 GHSA-f5vm-4j2m-phc2: The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2
VulDB
vuldb·2026-04-15·CVSS 9.8
CVE-2026-3461 [CRITICAL] visaacceptancesolutions Visa Acceptance Solutions Plugin up to 2.1.0 on WordPress express_pay_product_page_pay_for_order billing_details authentication bypass
A vulnerability was found in visaacceptancesolutions Visa Acceptance Solutions Plugin up to 2.1.0 on WordPress and classified as critical. Affected by this vulnerability is the function express_pay_product_page_pay_for_order. Executing a manipulation of the argument billing_details can lead to authentication bypass using alternate channel.
This vulnerability is handled as CVE-2026-3461. The attack can be executed remotely. There is not any exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/visa-acceptance-solutions/tags/2.1.0/public/class-visa-acceptance-payment-gateway-expresspay-public.php#L777
https://plugins.trac.wordpress.org/browser/visa-acceptance-solutions/tags/2.1.0/public/class-visa-acceptance-payment-gateway-expresspay-public.php#L790
https://plugins.trac.wordpress.org/browser/visa-acceptance-solutions/trunk/public/class-visa-acceptance-payment-gateway-expresspay-public.php#L777
https://plugins.trac.wordpress.org/browser/visa-acceptance-solutions/trunk/public/class-visa-acceptance-payment-gateway-expresspay-public.php#L790
https://www.wordfence.com/threat-intel/vulnerabilities/id/8d3aea10-d7a0-44bd-94dc-3bad0d27dbd8?source=cve
2026-04-15
Published