cleantalk
Vulnerabilities and Security Researches

CRM WordPress Plugin – RepairBuddy, CVE-2026-0820

CVE, Research URL

CVE-2026-0820

Home page URL

Security reports for CRM WordPress Plugin – RepairBuddy

Application

CRM WordPress Plugin – RepairBuddy

Published on
Jan 17, 2026
Research Description
The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference due to missing capability checks on the wc_upload_and_save_signature_handler function in all versions up to, and including, 4.1116. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary signatures to any order in the system, potentially modifying order metadata and triggering unauthorized status changes.
Affected versions
max 4.1121.
Status
vulnerable
Previous vulnerability researches
Social Photo Gallery (CVE-2019-14467) , Jun 06, 2024
Photo Gallery ( Responsive ) (CVE-2025-27276) , Feb 26, 2025
Image Gallery – Responsive Photo Gallery (CVE-2025-24697) , Feb 05, 2025
Image Gallery – Responsive Photo Gallery (CVE-2024-12403) , Jan 16, 2025
ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5 (CVE-2023-1427) , Jun 06, 2024
New vulnerability
AutoMail – Event-driven Email Automation. Easy email Notification and Auto-reply. (CVE-2023-33999) , Jun 14, 2026
Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider (CVE-2024-50502) , Jun 14, 2026
Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider (CVE-2023-33999) , Jun 14, 2026
WP Sessions Time Monitoring Full Automatic (CVE-2022-4974) , Jun 14, 2026
WP Sessions Time Monitoring Full Automatic (CVE-2023-33999) , Jun 14, 2026