{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T18:45:52.501","vulnerabilities":[{"cve":{"id":"CVE-2025-8218","sourceIdentifier":"security@wordfence.com","published":"2025-08-19T07:15:30.980","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for unauthenticated attackers to arbitrarily choose their role, including the Administrator role, during a profile update."},{"lang":"es","value":"El tema Real Spaces - WordPress Properties Directory Theme para WordPress es vulnerable a la escalada de privilegios mediante el parámetro 'change_role_member' en todas las versiones hasta la 3.5 incluida. Esto se debe a la falta de restricciones en el rol de actualización de perfil. Esto permite que atacantes no autenticados elijan arbitrariamente su rol, incluido el de Administrador, durante una actualización de perfil."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://themeforest.net/item/real-spaces-wordpress-real-estate-theme/8219779","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2d07880b-9af1-4b1e-aa70-b95ef10a6e33?source=cve","source":"security@wordfence.com"}]}}]}