{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0820", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-09T18:16:47.579Z", "datePublished": "2026-01-17T03:24:23.562Z", "dateUpdated": "2026-04-16T13:54:59.241Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:38:12.383Z"}, "affected": [{"vendor": "sweetdaisy86", "product": "RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for WordPress", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.1116", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference due to missing capability checks on the wc_upload_and_save_signature_handler function in all versions up to, and including, 4.1116. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary signatures to any order in the system, potentially modifying order metadata and triggering unauthorized status changes."}], "title": "RepairBuddy <= 4.1116 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Signature Upload to Orders", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1b2ad299-03b1-4b9e-a241-d2ad2d85c3ac?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/computer-repair-shop/trunk/lib/includes/classes/class-wcrb_signature.php#L562"}, {"url": "https://plugins.trac.wordpress.org/browser/computer-repair-shop/tags/4.1116/lib/includes/classes/class-wcrb_signature.php#L562"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3436356%40computer-repair-shop&new=3436356%40computer-repair-shop&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Teerachai Somprasong"}], "timeline": [{"time": "2026-01-09T20:31:22.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-01-16T14:36:16.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T13:54:51.407197Z", "id": "CVE-2026-0820", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:54:59.241Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0820", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T13:54:51.407197Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T18:47:32.783Z"}}], "cna": {"title": "RepairBuddy <= 4.1116 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Signature Upload to Orders", "credits": [{"lang": "en", "type": "finder", "value": "Teerachai Somprasong"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "sweetdaisy86", "product": "RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for WordPress", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.1116"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-09T20:31:22.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-01-16T14:36:16.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1b2ad299-03b1-4b9e-a241-d2ad2d85c3ac?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/computer-repair-shop/trunk/lib/includes/classes/class-wcrb_signature.php#L562"}, {"url": "https://plugins.trac.wordpress.org/browser/computer-repair-shop/tags/4.1116/lib/includes/classes/class-wcrb_signature.php#L562"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3436356%40computer-repair-shop&new=3436356%40computer-repair-shop&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference due to missing capability checks on the wc_upload_and_save_signature_handler function in all versions up to, and including, 4.1116. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary signatures to any order in the system, potentially modifying order metadata and triggering unauthorized status changes."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:38:12.383Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0820", "state": "PUBLISHED", "dateUpdated": "2026-04-16T13:54:59.241Z", "dateReserved": "2026-01-09T18:16:47.579Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-17T03:24:23.562Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference due to missing capability checks on the wc_upload_and_save_signature_handler function in all versions up to, and including, 4.1116. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary signatures to any order in the system, potentially modifying order metadata and triggering unauthorized status changes."}, {"lang": "es", "value": "El plugin RepairBuddy \u2013 Repair Shop CRM &amp; Booking Plugin para WordPress plugin de WordPress es vulnerable a Referencia Directa a Objeto Insegura debido a la falta de comprobaciones de capacidad en la funci\u00f3n wc_upload_and_save_signature_handler en todas las versiones hasta la 4.1116, inclusive. Esto permite a atacantes autenticados, con acceso de nivel Suscriptor y superior, cargar firmas arbitrarias a cualquier pedido en el sistema, modificando potencialmente los metadatos del pedido y desencadenando cambios de estado no autorizados."}], "id": "CVE-2026-0820", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2026-01-17T04:16:08.150", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/computer-repair-shop/tags/4.1116/lib/includes/classes/class-wcrb_signature.php#L562"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/computer-repair-shop/trunk/lib/includes/classes/class-wcrb_signature.php#L562"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3436356%40computer-repair-shop&new=3436356%40computer-repair-shop&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1b2ad299-03b1-4b9e-a241-d2ad2d85c3ac?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-15T21:46:57.952673+00:00", "value": {"mitigation_remediation": ["Upgrade RepairBuddy to a version newer than 4.1116 where the IDOR issue has been fixed.", "Restrict the signature upload functionality to administrator or a custom higher\u2011privilege role by modifying the plugin\u2019s capability settings or adding a server\u2011side capability check.", "If an upgrade is not immediately possible, temporarily disable the signature upload feature for Subscriber and lower roles to prevent unauthorized modifications."], "summary": {"action": "Update Plugin", "impact": "Unauthorized Modification of Order Data"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the sweetdaisy86 RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for WordPress, all releases up to and including version 4.1116. Sites running this plugin without an update to a later release are exposed.", "description_and_impact": "The RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for WordPress contains an Insecure Direct Object Reference flaw in the wc_upload_and_save_signature_handler function. The missing capability check allows any authenticated user with Subscriber role or higher to upload an arbitrary signature file to any order, thereby manipulating order metadata and triggering unauthorized status changes. This undermines the integrity of order data and can be used to tamper with customer records or order processing logic.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a moderate severity issue, and the EPSS score of less than 1% reflects a very low probability of exploitation in the wild. The flaw is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers need only authenticated access with a Subscriber role or higher, which is typically granted to standard site users. The exploit path is straightforward: an attacker logs in, targets the upload endpoint, and supplies a signature file to modify any order\u2019s data. Because the vulnerability lacks an elevated privilege requirement, the risk is dominated by the potential for data integrity compromise rather than widespread system compromise."}}}}, "created": "2026-01-19T09:19:31.862626+00:00", "updated": "2026-04-15T22:00:06.623161+00:00", "vendors": ["sweetdaisy86", "sweetdaisy86$PRODUCT$repairbuddy_\u2013_repair_shop_crm_&_booking_plugin_for_wordpress", "wordpress", "wordpress$PRODUCT$wordpress"]}