CVE-2025-4094

Summary

The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them.

Affected Software

VendorProductVersion RangeStatus
UnknownDIGITS: WordPress Mobile Number Signup and Login0 < 8.4.6.1affected

Weaknesses

  • CWE-307 Improper Restriction of Excessive Authentication Attempts

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References