PT-2025-33710 · WordPress · Real Spaces - Wordpress Properties Directory Theme
Alyudin Nafiie
·
Published
2025-08-19
·
Updated
2025-08-24
·
CVE-2025-8218
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Real Spaces - WordPress Properties Directory Theme versions prior to 3.6
Description:
The Real Spaces - WordPress Properties Directory Theme for WordPress is susceptible to privilege escalation through the
change role member parameter during profile updates. This occurs due to insufficient restrictions on the profile update role, allowing unauthenticated attackers to arbitrarily select their role, including Administrator.Recommendations:
Update Real Spaces - WordPress Properties Directory Theme to version 3.6 or later.
Fix
LPE
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Real Spaces - Wordpress Properties Directory Theme