5 matches found
WordPress Digits plugin < 8.4.6.1 - Auth Bypass via OTP Bruteforcing vulnerability
Auth Bypass via OTP Bruteforcing vulnerability discovered by Saleh Tarawneh in WordPress Plugin Digits versions 8.4.6.1...
CVE-2025-4094
The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them...
CVE-2025-4094
CVE-2025-4094 affects the Digits WordPress plugin: versions prior to 8.4.6.1 do not rate-limit OTP validation attempts, enabling brute-force attacks that can bypass authentication. Public disclosures and PoCs describe OTP brute-forcing across forgot-password and OTP validation endpoints, with exp...
Exploit for CVE-2025-4094
WordPress Plugin Digits OTP Bypass CVE-2025-4094 Overvie...
CVE-2025-4094
creationtimestamp| type| source ---|---|--- 2025-05-15 04:50:18+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/36841 2025-05-15 13:17:26+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/36884 2025-05-21 22:41:48+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17207...