A high-severity privilege escalation vulnerability has been identified in the "Real Spaces - WordPress Properties Directory Theme" for WordPress. This flaw allows a low-privileged user to elevate their account to an administrator role, potentially leading to a complete compromise of the affected website. Immediate patching is required to prevent unauthorized access, data theft, and website defacement.

The theme contains a privilege escalation vulnerability due to an improper access control check. An authenticated but low-privileged attacker, such as a subscriber, can send a specially crafted request to the web server. By manipulating the change_role_member parameter in this request, the attacker can change their own user role to a higher-privileged one, such as 'administrator', without proper authorization.

This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation could have a significant negative impact on the business. An attacker with administrative access can take complete control of the WordPress site, leading to potential consequences such as website defacement, theft of sensitive customer or user data, installation of malware or backdoors, and using the compromised website to launch further attacks like phishing campaigns. This can result in reputational damage, financial loss, and regulatory penalties related to data breaches.

Immediate Action: All administrators of websites using the affected theme should immediately update it to the latest patched version provided by the vendor. After updating, review all user accounts, particularly those with administrative privileges, to ensure no unauthorized role changes have occurred. If the theme is no longer required, it should be deactivated and removed completely.

Proactive Monitoring: Security teams should monitor WordPress audit logs for any unusual or unauthorized user role modifications. Web server access logs should be reviewed for requests containing the change_role_member parameter. Monitor for the creation of new, unauthorized administrative accounts or unexpected changes to website content.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules designed to block requests containing the malicious change_role_member parameter. Restrict access to the WordPress administrative dashboard (/wp-admin/) to trusted IP addresses only. Enforce the principle of least privilege, ensuring users only have the permissions necessary for their roles.

Public Exploit Available: false

Given the high CVSS score of 8.8 and the critical impact of a full site compromise, it is strongly recommended that organizations patch this vulnerability with the highest priority. The ease of exploitation means that once a public exploit becomes available, widespread attacks are likely to follow. Although this CVE is not currently on the CISA KEV list, its severity makes it a prime candidate for future inclusion. All instances of the "Real Spaces" theme must be identified and updated immediately to mitigate this critical risk.