CVE-2025-6758

CRITICAL

Imithemes Real Spaces - WordPress Properties Directory Theme <= 3.6 - Privilege Escalation

Title source: llm

Description

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all versions up to, and including, 3.6. This is due to a lack of restriction in the registration role. This makes it possible for unauthenticated attackers to arbitrarily choose their role, including the Administrator role, during user registration.

Exploits (3)

github WORKING POC 2 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-6758

View Code ZIP pw:eip

github WORKING POC

by Boshe99 · pythonpoc

https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-6758

View Code ZIP pw:eip

github WORKING POC

by Nxploited · pythonpoc

https://github.com/Nxploited/CVE-2025-6758

View Code ZIP pw:eip

References (2)

[Various Sources] https://themeforest.net/item/real-spaces-wordpress-real-estate-theme/8219779

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/e2b24858-dfcd-46f3-9552-c7acc63a1ee7?source=cve

Scores

CVSS v3 9.8

EPSS 0.0025

EPSS Percentile 48.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (1)

imithemes/Real Spaces - WordPress Properties Directory Theme < 3.6

Published Aug 19, 2025

Tracked Since Feb 18, 2026