RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress Security & Risk Analysis

wordpress.org/plugins/computer-repair-shop

All-in-one Repair Shop CRM & Booking System for WordPress. Accept online repair bookings, manage appointments, devices, technicians, invoices, pay …

400 active installs v4.1133 PHP 8.1+ WP 5.0+ Updated Mar 9, 2026
appointment-booking, booking-system, device-repair-management, repair-shop-crm, repair-shop-software
Score: 77 · B · Generally Safe
CVEs total: 8
Unpatched: 0
Last CVE: Mar 20, 2026
Safety Verdict

Is RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress Safe to Use in 2026?

Mostly Safe

Score 77/100

RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is generally safe to use. 8 past CVEs were resolved. Keep it updated.

8 known CVEs · Last CVE: Mar 20, 2026 · Updated 26d ago
Risk Assessment

The 'computer-repair-shop' plugin, version 4.1133, presents a concerning security posture despite a seemingly clean static analysis of its current code. The static analysis reports no direct vulnerabilities in the analyzed code (0 unprotected entry points, 0 dangerous functions, 0 taint flows), but the plugin's historical vulnerability record points the other way. The plugin has a history of 7 known CVEs, with 2 critical and 2 high-severity vulnerabilities previously discovered. These past issues, which include SQL Injection, Cross-Site Scripting, missing authorization and unrestricted file uploads, indicate a pattern of significant security flaws in past versions.

There are currently no unpatched vulnerabilities, which suggests the developers are addressing issues, but the recurring nature and severity of past flaws cannot be ignored. The absence of protective checks in the analyzed code (0 nonce checks, 0 capability checks) and the raw SQL queries that do not use prepared statements (3 total, 0% prepared) are significant red flags: they leave room for new vulnerabilities to emerge, especially if functionality is added or existing code is modified without rigorous security review. The bundled libraries Select2 and dompdf also introduce potential risk if they are outdated or have known vulnerabilities.

Key Concerns

  • Raw SQL queries without prepared statements
  • No nonce checks implemented
  • No capability checks implemented
  • Bundled libraries (Select2, dompdf) may be outdated
  • High historical vulnerability count (7 CVEs)
  • Previous critical severity vulnerabilities
  • Previous high severity vulnerabilities
Vulnerabilities (8)

RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress Security Vulnerabilities

CVEs by Year

  • 2020: 1 CVE
  • 2022: 1 CVE
  • 2024: 3 CVEs
  • 2025: 1 CVE
  • 2026: 2 CVEs

Severity Breakdown

  • Critical: 2
  • High: 2
  • Medium: 4

8 total CVEs

CVE-2026-3567 · medium · 5.3 · Missing Authorization

RepairBuddy <= 4.1132 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via wc_rep_shop_settings_submission AJAX Action

Mar 20, 2026 Patched in 4.1133 (1d)

CVE-2026-0820 · medium · 4.3 · Missing Authorization

RepairBuddy <= 4.1116 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Signature Upload to Orders

Jan 16, 2026 Patched in 4.1121 (70d)

CVE-2025-32277 · medium · 4.3 · Missing Authorization

CRM WordPress Plugin – RepairBuddy <= 3.8213 - Missing Authorization

Apr 4, 2025 Patched in 3.8214 (68d)

CVE-2024-56061 · critical · 9.8 · Missing Authorization

Computer Repair Shop <= 3.8119 - Authenticated (Customer+) Privilege Escalation via Account Takeover

Dec 18, 2024 Patched in 3.8120 (22d)

CVE-2024-12259 · high · 8.8 · Missing Authorization

CRM WordPress Plugin – RepairBuddy <= 3.8120 - Missing Authorization to Account Takeover/Privilege Escalation

Dec 17, 2024 Patched in 3.8122 (1d)

CVE-2024-51793 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type

Computer Repair Shop <= 3.8115 - Unauthenticated Arbitrary File Upload

Nov 8, 2024 Patched in 3.8116 (8d)

WF-642a6d42-100f-4461-b568-35e089287902-computer-repair-shop · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CRM WordPress Plugin – RepairBuddy <= 3.72 - SQL Injection

May 19, 2022 Patched in 3.73 (614d)

WF-03b1376e-8ef3-4bd2-904b-6819aa21d144-computer-repair-shop · medium · 6.6 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Computer Repair Shop < 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Jan 13, 2020 Patched in 2.0 (1471d)
Code Analysis
Analyzed Mar 16, 2026

RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 3 (0 prepared)
  • Unescaped Output: 1 (10 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 2

Bundled Libraries

Select2, dompdf

SQL Query Safety

0% prepared · 3 total queries

Output Escaping

91% escaped · 11 total outputs
Attack Surface

RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress Attack Surface

Entry Points: 0
Unprotected: 0

WordPress Hooks (9)

  • action · admin_menu · admin_menu.php:205
  • action · admin_head · admin_menu.php:240
  • action · admin_footer · admin_menu.php:283
  • action · plugins_loaded · computer_repair_shop.php:36
  • action · admin_enqueue_scripts · computer_repair_shop.php:139
  • action · admin_init · computer_repair_shop.php:148
  • action · init · computer_repair_shop.php:152
  • action · admin_notices · computer_repair_shop.php:222
  • action · in_admin_header · computer_repair_shop.php:228
Maintenance & Trust

RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 9, 2026
  • PHP min version: 8.1
  • Downloads: 33K

Community Trust

  • Rating: 98/100
  • Number of ratings: 20
  • Active installs: 400
Developer Profile

RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress Developer Profile

Ateeq Rafeeq

4 plugins · 420 total installs

  • Trust score: 69
  • Avg Security Score: 85/100
  • Avg Patch Time: 282 days
Detection Fingerprints

How We Detect RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/computer-repair-shop/assets/admin/css/foundation.min.css
  • /wp-content/plugins/computer-repair-shop/assets/admin/css/style.css
  • /wp-content/plugins/computer-repair-shop/assets/admin/css/editpage_styles.css
  • /wp-content/plugins/computer-repair-shop/assets/admin/css/select2.min.css
  • /wp-content/plugins/computer-repair-shop/assets/admin/js/foundation.min.js
  • /wp-content/plugins/computer-repair-shop/assets/admin/js/select2.min.js
  • /wp-content/plugins/computer-repair-shop/assets/admin/js/my-admin.js
  • /wp-content/plugins/computer-repair-shop/assets/admin/js/ajax_scripts.js
  • +7 more
Script Paths
  • /wp-content/plugins/computer-repair-shop/assets/admin/js/foundation.min.js
  • /wp-content/plugins/computer-repair-shop/assets/admin/js/select2.min.js
  • /wp-content/plugins/computer-repair-shop/assets/admin/js/my-admin.js
  • /wp-content/plugins/computer-repair-shop/assets/admin/js/ajax_scripts.js
  • /wp-content/plugins/computer-repair-shop/assets/admin/js/fullcalendar/popper.min.js
  • /wp-content/plugins/computer-repair-shop/assets/admin/js/fullcalendar/tooltip.min.js
  • +4 more
Version Parameters
  • computer-repair-shop/assets/admin/css/style.css?ver=
  • computer-repair-shop/assets/admin/css/editpage_styles.css?ver=
  • computer-repair-shop/assets/admin/css/select2.min.css?ver=
  • computer-repair-shop/assets/admin/js/foundation.min.js?ver=
  • computer-repair-shop/assets/admin/js/select2.min.js?ver=
  • computer-repair-shop/assets/admin/js/my-admin.js?ver=
  • computer-repair-shop/assets/admin/js/ajax_scripts.js?ver=
  • computer-repair-shop/assets/admin/js/file_upload.js?ver=
  • computer-repair-shop/assets/vendors/intl-tel-input/js/intlTelInputWithUtils.min.js?ver=
  • computer-repair-shop/assets/vendors/intl-tel-input/css/intlTelInput.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
wc-admin-style, wc-admin-edit-style, wc-file-js
Data Attributes
data-nonce, data-wc-nonce
JS Globals
ajax_obj, WC_CR_SHOP_VERSION, REPAIRBUDDY_HOME_URL, WC_COMPUTER_REPAIR_SHOP_FOLDER, WCRB_DEFINE_PLUGIN_BASE_FILE, WC_COMPUTER_REPAIR_SHOP_DIR, +1 more