Auth bypass in Sweetdaisy86 Repairbuddy – Repair Shop Crm & Booking Plugin For Wordpress
CVE-2026-3567
The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when combined, allow any authenticated user to m…
Vulnerability class: Broken Access Control
EPSS: 0.001 (15.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.
Affected products
Weakness classification (CWE)
References
- www.wordfence.com/threat-intel/vulnerabilities/id/bb4b3778-7211-4a56-a2e5-1f455…
- plugins.trac.wordpress.org/browser/computer-repair-shop/trunk/lib/includes/main…
- plugins.trac.wordpress.org/browser/computer-repair-shop/tags/4.1121/lib/include…
- plugins.trac.wordpress.org/browser/computer-repair-shop/trunk/lib/shortcodes/bo…
- plugins.trac.wordpress.org/browser/computer-repair-shop/tags/4.1121/lib/shortco…
- plugins.trac.wordpress.org/changeset
Frequently asked questions
- What is CVE-2026-3567?
- CVE-2026-3567 is a medium-severity vulnerability in Sweetdaisy86 Repairbuddy – Repair Shop Crm & Booking Plugin For Wordpress, classified under Missing Authorization. CVSS score: 5.3/10. Published 2026-03-20.
- How severe is CVE-2026-3567?
- Medium severity. CVSS v3 base score is 5.3 out of 10.