CVE-2025-6758
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-08-19
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | properties_directory_theme | 3.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Real Spaces WordPress Properties Directory Theme up to version 3.6. It allows unauthenticated attackers to escalate their privileges by exploiting the 'imic_agent_register' function, which lacks proper restrictions on the registration role. As a result, attackers can arbitrarily assign themselves any user role, including the Administrator role, during user registration.
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows attackers to gain administrator-level access without authentication. This can lead to full control over the affected WordPress site, including the ability to modify content, steal data, install malicious code, or disrupt site operations.