{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39586", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-04-07T10:48:44.714Z", "datePublished": "2026-04-08T08:30:21.237Z", "dateUpdated": "2026-04-08T08:30:21.237Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "computer-repair-shop", "product": "RepairBuddy", "vendor": "Ateeq Rafeeq", "versions": [{"changes": [{"at": "4.1133", "status": "unaffected"}], "lessThanOrEqual": "4.1132", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-08T10:28:55.495Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.<p>This issue affects RepairBuddy: from n/a through <= 4.1132.</p>"}], "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through <= 4.1132."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "Retrieve Embedded Sensitive Data"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-201", "description": "Insertion of Sensitive Information Into Sent Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-08T08:30:21.237Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/computer-repair-shop/vulnerability/wordpress-repairbuddy-plugin-4-1132-sensitive-data-exposure-vulnerability?_s_id=cve"}], "title": "WordPress RepairBuddy plugin <= 4.1132 - Sensitive Data Exposure vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through <= 4.1132."}], "id": "CVE-2026-39586", "lastModified": "2026-04-08T21:26:35.910", "metrics": {}, "published": "2026-04-08T09:16:28.923", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/computer-repair-shop/vulnerability/wordpress-repairbuddy-plugin-4-1132-sensitive-data-exposure-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-201"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.1132]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[4.1133,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "RepairBuddy", "source": "cna", "vendor": "Ateeq Rafeeq"}, "product": "repairbuddy", "vendor": "ateeq_rafeeq"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-08T09:46:56.489443+00:00", "value": {"mitigation_remediation": ["Check the vendor\u2019s website or the WordPress plugin repository for an update that fixes the exposure issue.", "Upgrade the RepairBuddy plugin to any version newer than 4.1132, such as 4.1133 or later, once released.", "Verify that no sensitive data is included in responses from the plugin after upgrading.", "If an update is not immediately available, consider disabling or removing features that reveal sensitive data or temporarily deactivating the plugin until a patched version is released."], "summary": {"action": "Patch Immediately", "impact": "Sensitive Data Exposure"}, "threat_synthesis": {"affected_systems": "The affected product is the RepairBuddy computer\u2011repair\u2011shop plugin developed by Ateeq Rafeeq. All instances of RepairBuddy version 4.1132 or earlier are vulnerable. Users running the plugin in those versions expose sensitive data.", "description_and_impact": "The vulnerability allows an attacker to retrieve sensitive information that is unintentionally embedded into the data sent by the RepairBuddy plugin. The defect arises from improper handling of sensitive data during data transmission, resulting in exposure of confidential information. The weakness is classified as CWE\u2011201, indicating that sensitive data is exposed to a wider audience than intended.", "risk_and_exploitability": "No CVSS or EPSS scores are provided, and the vulnerability is not listed in the CISA KEV catalog, so the documented severity is unknown. While the lack of an EPSS score does not rule out exploitation, the possibility remains because the weakness causes data leakage that could aid attackers in gathering information. As the vulnerability permits arbitrary data exposure, the attack vector is inferred to be through standard interactions with the plugin\u2019s output, likely via HTTP responses. The impact is the confidentiality of data transmitted by the plugin."}}}}, "created": "2026-04-08T19:30:00.726778+00:00", "updated": "2026-04-08T19:42:19.891487+00:00", "vendors": ["ateeq_rafeeq", "ateeq_rafeeq$PRODUCT$repairbuddy", "wordpress", "wordpress$PRODUCT$wordpress"]}