cleantalk
Vulnerabilities and Security Researches

CRM WordPress Plugin – RepairBuddy, CVE-2026-0820

CVE, Research URL

CVE-2026-0820

Home page URL

Security reports for CRM WordPress Plugin – RepairBuddy

Application

CRM WordPress Plugin – RepairBuddy

Published on
Jan 17, 2026
Research Description
The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference due to missing capability checks on the wc_upload_and_save_signature_handler function in all versions up to, and including, 4.1116. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary signatures to any order in the system, potentially modifying order metadata and triggering unauthorized status changes.
Affected versions
max 4.1121.
Status
vulnerable
Previous vulnerability researches
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin (CVE-2014-8605) , Jun 06, 2024
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin (CVE-2014-8603) , Jun 06, 2024
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin (CVE-2015-4336) , Jun 06, 2024
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin (CVE-2015-4338) , Jun 06, 2024
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin (CVE-2014-2340) , Jun 06, 2024
New vulnerability
StreamWeasels Twitch Integration (CVE-2023-33999) , Jun 14, 2026
Add Linkedin insight tags for Linkedin ads (CVE-2023-33999) , Jun 14, 2026
Newsletter – Send awesome emails from WordPress (CVE-2025-3581) , Jun 14, 2026
AI Image Generator – Experience the future of image creation with AI (CVE-2023-33999) , Jun 14, 2026
TreePress – Easy Family Trees & Ancestor Profiles (CVE-2023-33999) , Jun 14, 2026