Share:

CVE-2025-4094 - Unitedover Digits

May 21, 2025

Critical 9.8

The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them.

Affected software

Unitedover Digits

Reference links

https://wpscan.com/vulnerability/b5f0a263-644b-4954-a1f0-d08e2149edbb/

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.