Skip to main content

Repairbuddy

3 CVEs product

Monthly

CVE-2026-39584 MEDIUM This Month

Broken access control in the RepairBuddy WordPress plugin (versions ≤ 4.1132) allows subscriber-level authenticated users to access restricted functionality or sensitive data without adequate authorization checks. The CVSS vector (PR:L, C:H, I:N, A:N) confirms that low-privileged users - specifically WordPress subscribers, the lowest authenticated role - can achieve high confidentiality impact, likely by reading repair orders, customer PII, or administrative data reserved for shop managers and admins. No public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass Repairbuddy
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-24638 MEDIUM This Month

Broken access control in the RepairBuddy WordPress plugin (versions through 4.1121) allows authenticated low-privileged users to perform unauthorized actions affecting data integrity. The flaw stems from missing server-side authorization checks (CWE-862), permitting requests to access or modify functionality beyond the caller's intended permission level. No public exploit identified at time of analysis, EPSS sits at the 8th percentile (0.03%), and SSVC marks exploitation as none - placing real-world risk well below what the medium CVSS score of 4.3 might initially suggest.

Authentication Bypass Repairbuddy
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-39586 MEDIUM This Month

RepairBuddy plugin for WordPress versions through 4.1132 exposes sensitive data in network transmissions due to improper handling of embedded information, allowing remote unauthenticated attackers to retrieve confidential details via passive observation of sent data. The vulnerability has a moderate CVSS score of 5.3 with low exploitability probability (0.02% EPSS), indicating real-world risk is minimal despite the information disclosure impact.

Information Disclosure Repairbuddy
NVD
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken access control in the RepairBuddy WordPress plugin (versions ≤ 4.1132) allows subscriber-level authenticated users to access restricted functionality or sensitive data without adequate authorization checks. The CVSS vector (PR:L, C:H, I:N, A:N) confirms that low-privileged users - specifically WordPress subscribers, the lowest authenticated role - can achieve high confidentiality impact, likely by reading repair orders, customer PII, or administrative data reserved for shop managers and admins. No public exploit code or active exploitation has been identified at time of analysis.

Authentication Bypass Repairbuddy
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Broken access control in the RepairBuddy WordPress plugin (versions through 4.1121) allows authenticated low-privileged users to perform unauthorized actions affecting data integrity. The flaw stems from missing server-side authorization checks (CWE-862), permitting requests to access or modify functionality beyond the caller's intended permission level. No public exploit identified at time of analysis, EPSS sits at the 8th percentile (0.03%), and SSVC marks exploitation as none - placing real-world risk well below what the medium CVSS score of 4.3 might initially suggest.

Authentication Bypass Repairbuddy
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

RepairBuddy plugin for WordPress versions through 4.1132 exposes sensitive data in network transmissions due to improper handling of embedded information, allowing remote unauthenticated attackers to retrieve confidential details via passive observation of sent data. The vulnerability has a moderate CVSS score of 5.3 with low exploitability probability (0.02% EPSS), indicating real-world risk is minimal despite the information disclosure impact.

Information Disclosure Repairbuddy
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy