cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forcomputer-repair-shop computer-repair-shop

Direction: ascending
Jun 07, 2024

CRM WordPress Plugin – RepairBuddy # 5de96d64bb570d61b961a41ccba6f5e4efc71a47

CVE, Research URL

5de96d64bb570d61b961a41ccba6f5e4efc71a47

Home page URL

Security reports for CRM WordPress Plugin – RepairBuddy

Application

CRM WordPress Plugin – RepairBuddy

Date
Jan 13, 2020
Research Description
CRM WordPress Plugin &#8211; RepairBuddy [computer-repair-shop] < 3.73 WordPress Computer Repair Shop plugin <= 1.0 - Cross-Site Scripting (XSS) vulnerability Cross-Site Scripting (XSS) vulnerability discovered by Jeroen Mulder in WordPress Computer Repair Shop plugin (versions <= 1.0).
Affected versions
Min -, max -.
Status
vulnerable
Nov 12, 2024

CRM WordPress Plugin &#8211; RepairBuddy # CVE-2024-51793

CVE, Research URL

CVE-2024-51793

Home page URL

Security reports for CRM WordPress Plugin &#8211; RepairBuddy

Application

CRM WordPress Plugin &#8211; RepairBuddy

Date
Nov 11, 2024
Research Description
Unrestricted Upload of File with Dangerous Type vulnerability in Webful Creations Computer Repair Shop allows Upload a Web Shell to a Web Server.This issue affects Computer Repair Shop: from n/a through 3.8115.
Affected versions
Min -, max -.
Status
vulnerable
Dec 19, 2024

CRM WordPress Plugin &#8211; RepairBuddy # CVE-2024-12259

CVE, Research URL

CVE-2024-12259

Home page URL

Security reports for CRM WordPress Plugin &#8211; RepairBuddy

Application

CRM WordPress Plugin &#8211; RepairBuddy

Date
Dec 18, 2024
Research Description
The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the wc_update_user_data AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
Affected versions
Min -, max -.
Status
vulnerable
Jan 02, 2025

CRM WordPress Plugin &#8211; RepairBuddy # CVE-2024-56061

CVE, Research URL

CVE-2024-56061

Home page URL

Security reports for CRM WordPress Plugin &#8211; RepairBuddy

Application

CRM WordPress Plugin &#8211; RepairBuddy

Date
Dec 31, 2024
Research Description
Missing Authorization vulnerability in Webful Creations Computer Repair Shop allows Privilege Escalation.This issue affects Computer Repair Shop: from n/a through 3.8119.
Affected versions
Min -, max -.
Status
vulnerable
Apr 06, 2025

CRM WordPress Plugin &#8211; RepairBuddy # CVE-2025-32277

CVE, Research URL

CVE-2025-32277

Home page URL

Security reports for CRM WordPress Plugin &#8211; RepairBuddy

Application

CRM WordPress Plugin &#8211; RepairBuddy

Date
Apr 04, 2025
Research Description
Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 3.8211.
Affected versions
Min -, max -.
Status
vulnerable