Unrated severityNVD Advisory· Published May 21, 2025· Updated Aug 27, 2025

Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing

CVE-2025-4094

Description

The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them.

Affected products

WordPress/Mobile Number Signup and Login WordPress plugindescription
DIGITS/DIGITSllm-create
Range: <8.4.6.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/b5f0a263-644b-4954-a1f0-d08e2149edbb/mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000