CVE-2025-4094

State: PUBLISHED · Published: 2025-05-21 · Updated: 2025-08-27 · Assigner: WPScan

Description

The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them.

CWE

(none)

Affected

Unknown / DIGITS: WordPress Mobile Number Signup and Login — v=0 <8.4.6.1 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/b5f0a263-644b-4954-a1f0-d08e2149edbb/ exploit, vdb-entry, technical-description

Source

cvelistV5-main/cves/2025/4xxx/CVE-2025-4094.json