A Subscriber Broken Access Control vulnerability exists in RepairBuddy versions <= 4.1132. This vulnerability has been assigned a CVSS score of 6.5, indicating a Medium severity level. The vulnerability allows an attacker to bypass access controls, potentially leading to unauthorized access to sensitive information.
A Missing Authorization vulnerability in the RepairBuddy WordPress plugin by Webful Creations allows authenticated users with low privileges to exploit incorrectly configured access control security levels. The vulnerability affects RepairBuddy versions from n/a through 4.1121. The issue was published to the CVE List on 2026-05-26 and carries a CVSS 3.1 score of 4.3 (Medium severity), with a vector of CVS [truncated]