Visa Acceptance Solutions plugin for WordPress all versions <= 2.1.0
Summary
This vulnerability allows unauthenticated attackers to bypass authentication in the vulnerable plugin. Attackers can log in as any existing user, including administrators, by simply providing the target user's billing email without any ownership verification. This leads to full account takeover and complete compromise of the WordPress site.
Remediation
Update the Visa Acceptance Solutions plugin to a fixed version if a patch is available. If no patch is released, deactivate and remove the plugin from your WordPress installation immediately. Monitor for unauthorized accounts and suspicious admin activity on affected sites.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.