CVE-2025-8218 - Vulnerability Details

- Real Spaces - WordPress Properties Directory Theme <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member'

Description

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for unauthenticated attackers to arbitrarily choose their role, including the Administrator role, during a profile update.

Published: 2025-08-19

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Real Spaces WordPress Properties Directory Theme enables a user to change their role via the 'change_role_member' parameter, but the theme lacks any restriction on role assignment. As a result, an attacker who can trigger a profile update can set the role to Administrator, effectively bypassing all security controls and gaining full control over the site. This is a classic privilege escalation flaw, classified as CWE‑269.

Affected Systems

The vulnerability exists in all releases of the Real Spaces WordPress Properties Directory Theme up to and including version 3.5. The theme is distributed by imithemes and is installed as a WordPress plugin or theme package under the path Real Spaces. Any WordPress deployment that uses these versions is potentially affected.

Risk and Exploitability

The CVSS score of 8.8 reflects a high severity exploitation risk, while the EPSS score of less than 1% indicates that commercial exploit tools are currently not widely spread. The flaw does not appear in CISA’s KEV catalog. Attackers can exploit the issue without prior authentication, simply by sending a crafted request that includes the 'change_role_member' parameter. Once the role is escalated to Administrator, the attacker can modify site content, install additional malicious plugins, and manipulate sensitive data. Given the low EPSS but high CVSS, precautionary patching is strongly recommended.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

imithemes

Real Spaces - WordPress Properties Directory Theme

unaffected

Version	Status	Constraints
`0`	affected	≤ 3.5

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Real Spaces theme to version 3.6 or later to remove the vulnerable parameter handling.
If an upgrade is temporarily infeasible, remove or disable the 'change_role_member' parameter within the theme code or by using a custom plugin that filters out the request variable.
After the change, audit existing user accounts for suspicious Administrator privileges and reset any that should not have that level of access.

Generated by OpenCVE AI on April 22, 2026 at 14:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-28797	The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for unauthenticated attackers to arbitrarily choose their role, including the Administrator role, during a profile update.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00251.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://themeforest.net/item/real-spaces-wordpress-real-estate-theme/8219779
https://www.wordfence.com/threat-intel/vulnerabilities/id/2d07880b-9af1-4b1e-aa70-b95ef10a6e33?source=cve

History

Tue, 19 Aug 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 19 Aug 2025 07:00:00 +0000

Type	Values Removed	Values Added
Description		The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for unauthenticated attackers to arbitrarily choose their role, including the Administrator role, during a profile update.
Title		Real Spaces - WordPress Properties Directory Theme <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member'
Weaknesses		CWE-269
References		https://themeforest.net/item/real-spaces-wordpress-real-estate-theme/8219779 https://www.wordfence.com/threat-intel/vulnerabilities/id/2d07880b-9af1-4b1e-aa70-b95ef10a6e33?source=cve
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2025-08-19T06:45:26.792Z

Updated: 2026-04-08T16:44:02.681Z

Reserved: 2025-07-25T23:50:32.495Z

Link: CVE-2025-8218

Vulnrichment

Updated: 2025-08-19T13:23:24.505Z

NVD

Status : Deferred

Published: 2025-08-19T07:15:30.980

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-8218

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T14:30:18Z

Weaknesses

CWE-269

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object