CVE-2026-3461: CWE-288 Authentication Bypass Using an Alternate Path or Channel in visaacceptancesolutions Visa Acceptance Solutions
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address during guest checkout for subscription products, without verifying email ownership, requiring a password, or validating a one-time token. This makes it possible for unauthenticated attackers to log in as any existing user, including administrators, by providing the target user's email address in the billing_details parameter, resulting in complete account takeover and site compromise.
AI Analysis
Technical Summary
CVE-2026-3461 is an authentication bypass vulnerability in the Visa Acceptance Solutions WordPress plugin (versions up to 2.1.0). The vulnerability arises because the function express_pay_product_page_pay_for_order() logs users in based solely on a user-supplied billing email address during guest checkout for subscription products, without verifying email ownership, requiring a password, or validating a one-time token. This allows unauthenticated attackers to impersonate any existing user by providing their email address in the billing_details parameter, leading to full account takeover and site compromise. The vulnerability is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel).
Potential Impact
Successful exploitation enables unauthenticated attackers to gain full access to any user account, including administrator accounts, resulting in complete site compromise. This can lead to unauthorized actions, data theft, and control over the affected WordPress site.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the plugin or disable it if possible. Monitor for updates from the vendor and apply patches immediately once available. Avoid relying on the vulnerable functionality for guest checkout with subscription products.
CVE-2026-3461: CWE-288 Authentication Bypass Using an Alternate Path or Channel in visaacceptancesolutions Visa Acceptance Solutions
Description
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address during guest checkout for subscription products, without verifying email ownership, requiring a password, or validating a one-time token. This makes it possible for unauthenticated attackers to log in as any existing user, including administrators, by providing the target user's email address in the billing_details parameter, resulting in complete account takeover and site compromise.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-3461 is an authentication bypass vulnerability in the Visa Acceptance Solutions WordPress plugin (versions up to 2.1.0). The vulnerability arises because the function express_pay_product_page_pay_for_order() logs users in based solely on a user-supplied billing email address during guest checkout for subscription products, without verifying email ownership, requiring a password, or validating a one-time token. This allows unauthenticated attackers to impersonate any existing user by providing their email address in the billing_details parameter, leading to full account takeover and site compromise. The vulnerability is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel).
Potential Impact
Successful exploitation enables unauthenticated attackers to gain full access to any user account, including administrator accounts, resulting in complete site compromise. This can lead to unauthorized actions, data theft, and control over the affected WordPress site.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the plugin or disable it if possible. Monitor for updates from the vendor and apply patches immediately once available. Avoid relying on the vulnerable functionality for guest checkout with subscription products.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-03-02T22:03:26.688Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69df540182d89c981fbdb3d4
Added to database: 4/15/2026, 9:01:53 AM
Last enriched: 4/15/2026, 9:16:51 AM
Last updated: 4/16/2026, 6:23:20 AM
Views: 13
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.