CVE-2025-4094

The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them...

WordPress Digits plugin < 8.4.6.1 - Auth Bypass via OTP Bruteforcing vulnerability

Auth Bypass via OTP Bruteforcing vulnerability discovered by Saleh Tarawneh in WordPress Plugin Digits versions 8.4.6.1...

CVE-2025-4094

The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them...

CVE-2025-4094 Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing

The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them...

CVE-2025-4094 Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing

The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them...

WordPress plugin DIGITS 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2025-22323 · WordPress · Digits: Wordpress Mobile Number Signup/Login

Name of the Vulnerable Software and Affected Versions: The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin versions prior to 8.4.6.1 Description: The issue concerns the lack of rate limiting for OTP validation attempts, making it possible for attackers to brute force them...

WordPress Digits OTP Authentication Bypass

WordPress Digits plugin versions prior to 8.4.6.1 suffer from an OTP authentication bypass vulnerability...

WordPress Digits Plugin <= 8.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Digits Type Plugin Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0203 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d69a9fce5806 Credits István Márton Required...

CVE-2024-0203

The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digitssavesettings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to...

CVE-2024-0203

The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digitssavesettings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to...

Cross site request forgery (csrf)

The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digitssavesettings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to...

CVE-2024-0203

The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digitssavesettings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to...

CVE-2024-0203

CVE-2024-0203 (Digits WordPress plugin) affects WordPress Digits up to version 8.4.1. The vulnerability is a Cross‑Site Request Forgery caused by missing nonce validation in the digits_save_settings function. This allows unauthenticated attackers to push forged requests that can change the defaul...

CVE-2024-0203

The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digitssavesettings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to...

Digits < 8.4.2 - Cross-Site Request Forgery to Privilege Escalation

Description The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digitssavesettings' function. This makes it possible for unauthenticated attackers to modify the default role of...

WordPress plugins Digits Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...