CVE-2026-0820

Name of the Vulnerable Software and Affected Versions RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress versions prior to 4.1116

Description The RepairBuddy plugin for WordPress is susceptible to Insecure Direct Object Reference. This is due to the absence of appropriate capability checks within the wc upload and save signature handler function. Authenticated attackers possessing Subscriber-level access or higher can upload arbitrary signatures to any order, potentially altering order metadata and causing unauthorized status modifications.

Recommendations Update to a version newer than 4.1116.