CVE-2025-8218

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for unauthenticated attackers to arbitrarily choose their role, including the Administrator role, during a profile update.
Configurations

No configuration.

History

19 Aug 2025, 13:42

Type Values Removed Values Added
Summary
  • (es) The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to and including 3.5. This is due to a lack of restrictions on the profile update role. This allows unauthenticated attackers to arbitrarily choose their role, including the Administrator role, during a profile update.

19 Aug 2025, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-19 07:15

Updated : 2025-08-19 13:42


NVD link : CVE-2025-8218

Mitre link : CVE-2025-8218

CVE.ORG link : CVE-2025-8218



Products Affected

No product.

CWE
CWE-269

Improper Privilege Management