
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 2 | Critical: 0 | High: 0 | Medium: 2
Showing 1-2 of 2 records
Threat Entry Updated 2026-03-23

CVE-2026-3567 - RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to modify admin-level plugin settings. First, the wc_rb_get_fresh_nonce() function (registered via wp_ajax and wp_ajax_nopriv hooks) allows any user to generate a valid WordPress nonce for any arbitrary action name by simply providing the nonce_name parameter, with no capability checks. Second, the wc_rep_shop_settings_submission() function only verifies the nonce (wcrb_main_setting_nonce) but performs no current_user_can() capability…

MEDIUM CVSS 5.3 2026-03-21
Threat Entry Updated 2026-04-15

CVE-2026-0820 - RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress

The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to Insecure Direct Object Reference due to missing capability checks on the wc_upload_and_save_signature_handler function in all versions up to, and including, 4.1116. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary signatures to any order in the system, potentially modifying order metadata and triggering unauthorized status changes.

MEDIUM CVSS 5.3 2026-01-17