📄 WordPress Real Spaces Properties Directory Theme 3.6 Missing Authorization

Proof of concept exploit for a missing authorization vulnerability in WordPress Real Spaces Properties Directory Theme version 3.6. ============================================================================================================================================= | Title : WordPress Rea...

Exploit for CVE-2025-6758

Real Spaces - WordPress Properties Directory Theme ≤ 3.6...

EUVD-2025-28797

Malicious code in bioql PyPI...

CVE-2025-8218

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'changerolemember' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for...

CVE-2025-6758

The CVE covers the Real Spaces – WordPress Properties Directory Theme for WordPress, vulnerable to unauthenticated privilege escalation via the imic_agent_register function in all versions up to 3.6. The flaw stems from insufficient restrictions on the registration role, allowing an attacker to s...

CVE-2025-6758 Real Spaces - WordPress Properties Directory Theme <= 3.6 - Unauthenticated Privilege Escalation to Administrator via 'imic_agent_register'

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imicagentregister' function in all versions up to, and including, 3.6. This is due to a lack of restriction in the registration role. This makes it possible for unauthenticate...

CVE-2025-8218

The CVE (CVE-2025-8218) concerns Real Spaces – WordPress Properties Directory Theme. The vulnerability is a privilege-escalation flaw in the change_role_member parameter that fails to restrict the profile update role, allowing unauthenticated or subscriber-level actors to elevate to Administrator...

WordPress Real Spaces Theme <= 3.5 is vulnerable to Privilege Escalation

Software Real Spaces Type Theme Vulnerable versions = 3.5 Fixed in 3.6 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2025-8218 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID dbcfbeba0421 Credits Alyudin Nafiie...