WordPress Plugin Vulnerabilities

Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email

Description

The plugin is vulnerable to Authentication Bypass due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address during guest checkout for subscription products, without verifying email ownership, requiring a password, or validating a one-time token. This makes it possible for unauthenticated attackers to log in as any existing user, including administrators, by providing the target user's email address in the billing_details parameter, resulting in complete account takeover and site compromise.

Affects Plugins

Plugin icon
visa-acceptance-solutions
No known fix

References

CVE
CVE-2026-3461
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/8d3aea10-d7a0-44bd-94dc-3bad0d27dbd8

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
0xd4rk5id3
Verified
No
WPVDB ID
1963a5b3-8032-4003-914c-94c8bf9c7193

Timeline

Publicly Published
2026-04-14 (about 2 months ago)
Added
2026-04-14 (about 2 months ago)
Last Updated
2026-06-27 (about 1 hour ago)

Other

Published
Title
Published
2026-05-26
Title
Login with OTP <= 1.6 - Unauthenticated Authentication Bypass via OTP Brute Force
Published
2025-09-18
Title
Service Finder SMS System <= 2.0.0 - Authentication Bypass
Published
2025-08-22
Title
Case Theme User < 1.0.4 - Authentication Bypass via Social Login
Published
2019-08-12
Title
JVM WooCommerce Wishlist <= 1.2.6 - Insecure Direct Object Reference
Published
2025-03-13
Title
WP JobHunt <= 7.1 - Authentication Bypass