CVE-2025-4094 Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing

CVE Details

Basic Information

Title CVE-2025-4094 Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing
Type cve
Published 2025-05-21T06:00:09
Last Seen 2025-05-21T07:09:04

CVSS Information

Base Score 0.0 ()
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description The DIGITS: WordPress Mobile Number Signup and Login plugin before version 8.4.6.1 does not properly implement rate limiting for OTP (One-Time Password) validation attempts. This allows attackers to perform brute-force attacks to bypass authentication, potentially gaining unauthorized access to user accounts.
AI Severity Medium
Vendor WordPress Community
Product DIGITS: WordPress Mobile Number Signup and Login
Affected Version < 8.4.6.1

Additional Information

CVE List CVE-2025-4094
CWE List
Bulletin Family cve

Description

The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making…

