CVE-2025-4094

Published: May 21, 2025Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them.

Affected (1)

Products: Unitedover: Digits

Unitedover

1 product

Digits

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Unitedover Digits	Before 8.4.6.1

References (1)

https://wpscan.com/vulnerability/b5f0a263-644b-4954-a1f0-d08e2149edbb/

Source: contact@wpscan.com

ExploitThird Party Advisory

Timeline

No history available yet.