Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Network-accessible broken access control requiring only a subscriber account (PR:L); confidentiality impact is high via unauthorized data read with no integrity or availability effect.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.
AnalysisAI
Broken access control in the RepairBuddy WordPress plugin (versions ≤ 4.1132) allows subscriber-level authenticated users to access restricted functionality or sensitive data without adequate authorization checks. The CVSS vector (PR:L, C:H, I:N, A:N) confirms that low-privileged users - specifically WordPress subscribers, the lowest authenticated role - can achieve high confidentiality impact, likely by reading repair orders, customer PII, or administrative data reserved for shop managers and admins. No public exploit code or active exploitation has been identified at time of analysis.
Technical ContextAI
RepairBuddy is a WordPress plugin by Webful Creations designed for computer repair shops to manage repair tickets, customer records, and shop operations. The root cause is CWE-862 (Missing Authorization): the plugin fails to enforce role-based access checks on one or more internal endpoints or AJAX actions, allowing subscribers - the lowest WordPress user tier - to invoke privileged functionality. In WordPress, subscriber accounts are often freely registerable on public-facing sites, lowering the barrier to exploitation. The affected CPE (cpe:2.3:a:webful_creations:repairbuddy:*:*:*:*:*:*:*:*) spans all versions through and including 4.1132. Note that the 'Authentication Bypass' tag applied by Patchstack is slightly misleading: the CVSS PR:L metric confirms authentication IS required; what is bypassed is authorization, not authentication.
RemediationAI
Update the RepairBuddy plugin to the next release issued by Webful Creations beyond version 4.1132; no specific patched version number has been confirmed in the available data, so monitor the Patchstack advisory and the WordPress plugin repository for a confirmed fixed release. As an immediate compensating control, disable open user registration on the WordPress site (Settings → General → uncheck 'Anyone can register') to eliminate the subscriber-level foothold required for exploitation - note this will prevent new user self-registration site-wide. If subscriber accounts are operationally unnecessary for RepairBuddy workflows, audit and remove existing subscriber accounts. As a last resort, deactivate the RepairBuddy plugin until a patched version is confirmed, accepting the trade-off of losing all repair shop management functionality during that window.
More in Repairbuddy
View allRepairBuddy plugin for WordPress versions through 4.1132 exposes sensitive data in network transmissions due to improper
Broken access control in the RepairBuddy WordPress plugin (versions through 4.1121) allows authenticated low-privileged
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36967
GHSA-q8xf-858j-xmfh