Impact
The vulnerability is a broken access control flaw in the WordPress RepairBuddy plugin versions up to 4.1132. Attackers who can authenticate as a subscriber may bypass the intended restrictions and gain access to functions or data that should only be available to higher‑privilege users. This violates the principle of least privilege and can lead to unauthorized data exposure or modification. The flaw aligns with CWE‑862, indicating improper enforcement of access permissions.
Affected Systems
WordPress sites that have installed the RepairBuddy plugin from Webful Creations and are running version 4.1132 or earlier are affected. Site administrators should verify that the plugin version has been updated to 4.1133 or later.
Risk and Exploitability
The CVSS score of 6.5 classifies the vulnerability as moderately severe, while the EPSS score of less than 1% suggests a very low likelihood of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Exploitation would most likely occur through web requests to the plugin’s endpoints that lack proper access checks, allowing a legitimate subscriber user to access protected functionalities.
OpenCVE Enrichment