Lucene search
K

5 matches found

Patchstack
Patchstack
added 2025/05/21 8:14 p.m.18 views

WordPress Digits plugin < 8.4.6.1 - Auth Bypass via OTP Bruteforcing vulnerability

Auth Bypass via OTP Bruteforcing vulnerability discovered by Saleh Tarawneh in WordPress Plugin Digits versions 8.4.6.1...

9.8CVSS8.7AI score0.16444EPSS
Exploits4References1Affected Software1
NVD
NVD
added 2025/05/21 6:16 a.m.28 views

CVE-2025-4094

The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them...

9.8CVSS0.16444EPSS
Exploits4References1
CVE
CVE
added 2025/05/21 6:0 a.m.86 views

CVE-2025-4094

CVE-2025-4094 affects the Digits WordPress plugin: versions prior to 8.4.6.1 do not rate-limit OTP validation attempts, enabling brute-force attacks that can bypass authentication. Public disclosures and PoCs describe OTP brute-forcing across forgot-password and OTP validation endpoints, with exp...

9.8CVSS6.5AI score0.16444EPSS
Exploits4References1Affected Software1
GithubExploit
GithubExploit
added 2025/05/15 1:13 p.m.478 views

Exploit for CVE-2025-4094

WordPress Plugin Digits OTP Bypass CVE-2025-4094 Overvie...

9.8CVSS9.5AI score0.16444EPSS
Exploits4
Circl
Circl
added 2025/05/15 4:50 a.m.36 views

CVE-2025-4094

creationtimestamp| type| source ---|---|--- 2025-05-15 04:50:18+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/36841 2025-05-15 13:17:26+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/36884 2025-05-21 22:41:48+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17207...

9.8CVSS7.7AI score0.16444EPSS
Exploits4References4
Rows per page
Query Builder