Platform: wordpress
Component: real-spaces
Fixed in: 3.6.1
CVE-2025-6758 is a critical privilege escalation vulnerability in the Real Spaces - WordPress Properties Directory Theme. The theme's user registration flow does not properly restrict which role a newly registered account receives, so an unauthenticated attacker can register an account that is assigned the Administrator role and gain complete control of the WordPress site. Versions 0.0.0 through 3.6 of the theme are affected; the vendor fixed the issue in version 3.6.1.
The impact of this vulnerability is severe. An attacker exploiting CVE-2025-6758 can gain full administrative access to the WordPress site without any prior authentication. This allows them to modify content, install malicious plugins, steal sensitive data (user credentials, database information), and potentially compromise the entire server. The attacker could deface the website, inject malware, or use the site as a launchpad for further attacks against other systems on the network. This vulnerability is particularly concerning given the popularity of WordPress and the potential for widespread exploitation.
CVE-2025-6758 was publicly disclosed on 2025-08-19. The vulnerability's ease of exploitation, combined with the widespread use of WordPress, suggests a high probability of exploitation. No public proof-of-concept (PoC) code has been released at the time of writing, but the vulnerability's simplicity makes it likely that a PoC will emerge soon. Note that the EPSS score listed on this page (0.24%, 47th percentile) is low; EPSS is driven by observed exploitation activity and lags behind newly disclosed, easy-to-exploit issues, so it is not a reason to defer patching. Monitor security advisories and threat intelligence feeds for updates.
Websites using the Real Spaces - WordPress Properties Directory Theme, particularly those with user registration enabled, are at risk. Shared hosting environments where multiple WordPress sites share the same server are especially vulnerable, as a compromise of one site could potentially lead to the compromise of others. Sites with outdated or unmaintained themes are also at higher risk.
Quick checks (run on the web host):
• Confirm the theme directory is present and contains the registration handler referenced by this advisory:
grep -r 'imic_agent_register' /var/www/html/wp-content/themes/real-spaces/
• Confirm whether the theme is installed and which version it is. Real Spaces is a theme, not a plugin, so query the theme list; list all themes rather than only the active one, since Real Spaces may be installed as the parent of an active child theme:
wp theme list | grep real-spaces
• Inventory the host's web server from the login page's response headers (this reveals the server software only, not the theme or its version):
curl -I https://your-wordpress-site.com/wp-login.php | grep -i 'server:'
Exploit status:
EPSS: 0.24% (47th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2025-6758 is to upgrade the Real Spaces theme to version 3.6.1 or later. If the upgrade cannot be applied immediately, temporarily disable user registration (Settings > General > Membership, "Anyone can register") or enforce stricter role assignment within WordPress so that self-registered accounts can only receive a low-privilege role. A web application firewall (WAF) rule that blocks registration requests attempting to select a privileged role adds a further layer of protection. Monitor WordPress logs for unusual registration activity, in particular new accounts that appear with the Administrator role, and review the existing user list for administrators you did not create. After upgrading, verify the fix by submitting a registration that requests the Administrator role and confirming that the resulting account only receives the default, low-privilege role.
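One way to implement the interim "stricter role assignment" control while a site is still on version 3.6 or earlier, as an added example that is not part of the theme or of the original advisory: a must-use plugin that hooks WordPress's `user_register` action and strips privileged roles from accounts that were not created by an administrator. The allow-list and the `agent` role name are assumptions; the file location, the hook and the API calls are standard WordPress.

```php
<?php
/**
 * Plugin Name: Registration Role Guard (added example, not part of Real Spaces)
 *
 * Place this file in wp-content/mu-plugins/ as a compensating control while the
 * theme is still on a version <= 3.6. It cannot change the theme's registration
 * handler, but it runs right after any new account is created and removes
 * privileged roles from accounts that were not created by an administrator.
 * The allow-list below is an assumption; adjust it to the roles your site
 * legitimately hands out on self-registration.
 */

add_action( 'user_register', 'rrg_enforce_registration_role', 10, 2 );

function rrg_enforce_registration_role( $user_id, $userdata = array() ) {
    // Accounts created by a logged-in user who may create users (Users > Add New,
    // or WP-CLI run with --user=<admin>) are out of scope for this control.
    if ( current_user_can( 'create_users' ) ) {
        return;
    }

    $allowed = array( 'subscriber', 'agent' ); // assumed self-registration roles
    $user    = get_userdata( $user_id );
    if ( ! $user ) {
        return;
    }

    // Any role that is not on the allow-list (administrator, editor, ...) is stripped.
    $disallowed = array_diff( $user->roles, $allowed );
    if ( empty( $disallowed ) ) {
        return;
    }

    // set_role() replaces all of the user's roles with the given one.
    $user->set_role( 'subscriber' );

    // Leave an audit trail; this log line is what to alert on.
    $remote = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : 'unknown';
    error_log( sprintf(
        'rrg: user %d (%s) registered with disallowed role(s) %s from %s; downgraded to subscriber',
        $user_id,
        $user->user_login,
        implode( ',', $disallowed ),
        $remote
    ) );
}
```

Create wp-content/mu-plugins/ if it does not exist; must-use plugins load automatically and cannot be deactivated from the dashboard. Because the check relies on the current user's capabilities, accounts created from WP-CLI without --user=<admin> would also be downgraded, so pass that flag, and remove the file once the theme is on 3.6.1. This guard does not stop the vulnerable handler from running; it is a compensating control, not a fix.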
Update the Real Spaces theme to a version later than 3.6 (3.6.1 or newer). The update addresses the privilege escalation by restricting the choice of role during user registration, preventing unauthenticated attackers from assigning themselves the Administrator role.
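The vulnerable pattern and its hardened counterpart, as an added illustration of this vulnerability class; this is not the Real Spaces theme's code, and the function names, the form field names and the custom `agent` role are assumptions made for the example. The point it shows is that sanitising the submitted role value does nothing for authorisation: the role has to be chosen from a server-side allow-list, with Administrator never on it.

```php
<?php
// Added example: generic illustration of the registration-role vulnerability class.
// Not code from the Real Spaces theme. The function names, the 'username', 'email'
// and 'role' POST fields and the custom 'agent' role are assumptions for this example.

// BEFORE (vulnerable pattern): the role is taken from the request. Sanitising the
// value does not help; 'administrator' is a perfectly "clean" string, so any
// unauthenticated visitor can submit role=administrator and receive that role.
function example_register_agent_vulnerable() {
    $login = sanitize_user( wp_unslash( $_POST['username'] ?? '' ) );
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    $role  = sanitize_text_field( wp_unslash( $_POST['role'] ?? 'subscriber' ) );

    return wp_insert_user( array(
        'user_login' => $login,
        'user_email' => $email,
        'user_pass'  => wp_generate_password(),
        'role'       => $role, // attacker-controlled
    ) );
}

// AFTER (hardened pattern): the request may only pick from a server-side allow-list
// of self-registration roles; anything else falls back to the least-privileged role.
// Administrator is never on the list, and a capability check guards against the
// list itself being misconfigured later.
function example_register_agent_hardened() {
    $allowed_roles = array( 'subscriber', 'agent' ); // 'agent' is an assumed custom role
    $default_role  = 'subscriber';

    $login     = sanitize_user( wp_unslash( $_POST['username'] ?? '' ) );
    $email     = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    $requested = sanitize_key( wp_unslash( $_POST['role'] ?? $default_role ) );

    $role = in_array( $requested, $allowed_roles, true ) ? $requested : $default_role;

    // Refuse any role that carries site-administration capabilities, even if it
    // somehow ends up on the allow-list, and any role that does not exist.
    $role_obj = get_role( $role );
    if ( ! $role_obj || $role_obj->has_cap( 'manage_options' ) ) {
        $role = $default_role;
    }

    return wp_insert_user( array(
        'user_login' => $login,
        'user_email' => $email,
        'user_pass'  => wp_generate_password(),
        'role'       => $role, // always a low-privilege role chosen by the server
    ) );
}
```

A nonce check would not have helped here: an unauthenticated visitor can read the nonce from the public registration form, so it proves nothing about who is allowed to pick a role. The fix is the allow-list, not input sanitisation.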
CVE-2025-6758 is a critical vulnerability in the Real Spaces WordPress Properties Directory Theme allowing unauthenticated users to escalate privileges to Administrator. This impacts versions 0.0.0–3.6.
If you are using the Real Spaces WordPress Properties Directory Theme version 0.0.0 through 3.6, you are potentially affected by this privilege escalation vulnerability.
Upgrade the Real Spaces theme to version 3.6.1 or later. Until you can, disable user registration or enforce stricter role assignment for newly registered accounts.
While no public exploits are currently known, the vulnerability's simplicity suggests a high probability of exploitation. Monitor security advisories for updates.
Refer to the vendor's website or the theme's distribution channel for the official advisory and patch release information.