Here are today's top three highest-risk vulnerabilities published across multiple authoritative sources, selected and summarized for you.
CVE: CVE-2025-13618
CVSS: 9.8
Risk level: CRITICAL
Affected versions: WordPress Mentoring plugin versions up to and including 1.2.8
Summary: This vulnerability allows unauthenticated remote attackers to gain administrator-level privileges on affected WordPress sites. The plugin fails to properly restrict the roles that new users can select during the registration process. Attackers can directly create fully privileged admin accounts to take over the entire site.
Remediation: Update the Mentoring plugin for WordPress to the latest patched version immediately. If a patched version is not available, disable and remove the plugin from your WordPress installation. Add web application firewall rules to block access to the vulnerable registration endpoint until remediation is complete.
Exploit info: No public exploit found yet.
CVE: CVE-2023-54344
CVSS: 9.3
Risk level: CRITICAL
Affected versions: Eclipse Equinox OSGi version 3.7.2 and all earlier versions
Summary: This unauthenticated remote code execution vulnerability affects the console interface of vulnerable Eclipse Equinox OSGi installations. Attackers can connect to the exposed console port and send malicious base64-encoded bash commands to execute arbitrary code. Successful exploitation allows attackers to establish reverse shells and fully compromise the affected host system.
Remediation: Upgrade Eclipse Equinox OSGi to a patched version as soon as possible. If an immediate upgrade is not possible, restrict network access to the OSGi console port to trusted IP addresses only. Disable the OSGi console interface entirely if it is not required for your operations.
Exploit info: No public exploit found yet.
CVE: CVE-2023-54342
CVSS: 9.3
Risk level: CRITICAL
Affected versions: Eclipse Equinox OSGi versions 3.8 through 3.18
Summary: This vulnerability allows unauthenticated remote attackers to execute arbitrary code on systems running affected Eclipse Equinox OSGi. Attackers can connect to the exposed OSGi console via telnet and exploit the fork command functionality to run malicious code. Successful exploitation leads to full system compromise and remote control by attackers.
Remediation: Update Eclipse Equinox OSGi to a version outside the affected 3.8 to 3.18 range that patches this vulnerability. Until the update is applied, restrict network access to the OSGi console port to authorized, trusted sources only. Disable the OSGi console if your organization does not actively use it.
Exploit info: No public exploit found yet.