CVE-2026-3461P2CRITICALCVSS 9.8≤ 2.1.02026-04-15
CVE-2026-3461 [CRITICAL] CWE-288 CVE-2026-3461: The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all ver
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address during guest checkout for subscription products, without verifying email o
nvd