Sensitive Data Exposure in Ateeq Rafeeq RepairBuddy Plugin for WordPress
CVE-2026-39586

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Repairbuddy
Vendor: CVE Published:; 8 April 2026

What is CVE-2026-39586?

The RepairBuddy plugin by Ateeq Rafeeq contains a significant vulnerability that allows attackers to retrieve embedded sensitive data. This issue impacts versions from n/a up to 4.1132. As such, users of the RepairBuddy plugin are strongly advised to update to the latest version to mitigate the risk associated with this vulnerability and safeguard sensitive information.

Affected Version(s)

RepairBuddy 0 <= 4.1132

References

https://patchstack.com/database/Wordpress/Plugin/computer...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program

CVE-2026-39586 Data

JSON