
CVE-2025-4094 PoC — Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing

Source
Associated Vulnerability
Title: Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing (CVE-2025-4094)
Description: The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them.
Description
WordPress Plugin Digits < 8.4.6.1 - OTP Auth Bypass via Bruteforce (CVE-2025-4094)
Readme
# WordPress Plugin Digits OTP Bypass (CVE-2025-4094)

## Overview

This script is an exploit for the WordPress Plugin Digits (versions < 8.4.6.1) that allows for OTP (One-Time Password) authentication bypass via brute force. The exploit leverages a vulnerability identified as CVE-2025-4094. The script has been modified to utilize `ThreadPoolExecutor` for parallel attacks, significantly speeding up the brute-force process.
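The control whose absence this CVE describes is a server-side attempt budget on OTP validation: with a 4-digit code there are only 10,000 candidates, so a validator that accepts unlimited guesses is defeated by enumeration in minutes. The following is an added illustration of that control, not code from the PoC or from the Digits plugin; the `OtpValidator` store, the `(phone, instance_id)` key, `MAX_ATTEMPTS` and `OTP_TTL_SECONDS` are assumptions chosen for the example.

```python
import hmac
import time
from dataclasses import dataclass

# Assumed policy values: a handful of guesses per issued code, then the code is
# discarded. Success probability per issued code is then bounded by
# MAX_ATTEMPTS / 10**digits (5 / 10_000 for a 4-digit code).
MAX_ATTEMPTS = 5
OTP_TTL_SECONDS = 300


@dataclass
class PendingOtp:
    code: str
    issued_at: float
    failures: int = 0


class OtpValidator:
    """Hypothetical server-side OTP store keyed by (phone, instance_id)."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable for testing expiry
        self._pending: dict[tuple[str, str], PendingOtp] = {}

    def issue(self, phone: str, instance_id: str, code: str) -> None:
        self._pending[(phone, instance_id)] = PendingOtp(code, self._clock())

    def verify(self, phone: str, instance_id: str, guess: str) -> str:
        """Return 'ok', 'invalid' (guess again) or 'locked' (request a new code)."""
        key = (phone, instance_id)
        entry = self._pending.get(key)
        if entry is None or self._clock() - entry.issued_at > OTP_TTL_SECONDS:
            self._pending.pop(key, None)  # nothing live to guess against
            return "locked"
        # Constant-time compare so response timing does not leak matching digits.
        if hmac.compare_digest(entry.code, guess):
            del self._pending[key]  # single use: a found code cannot be replayed
            return "ok"
        entry.failures += 1
        if entry.failures >= MAX_ATTEMPTS:
            del self._pending[key]  # budget spent: invalidate, force re-issue
            return "locked"
        return "invalid"


def enumerate_until_stopped(validator, phone, instance_id, digits=4):
    """Walk the keyspace in order against the in-memory validator and report
    the outcome and how many guesses were consumed before the validator
    stopped responding 'invalid'."""
    for n in range(10 ** digits):
        result = validator.verify(phone, instance_id, str(n).zfill(digits))
        if result != "invalid":
            return result, n + 1
    return "exhausted", 10 ** digits
```

Without the budget, `enumerate_until_stopped` would return `("ok", k)` for any code at position `k`; with it, the walk is cut off at `MAX_ATTEMPTS` guesses unless the code happens to lie in that first handful.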

**Exploit Author:** Saleh Tarawneh

## Requirements

- Python 3.x
- `requests` library
- `argparse` library (included in Python standard library)
- `colorama` library

You can install the required libraries using pip:

```bash
pip install -r requirements.txt
```

## Usage

To run the script, use the following command:

```bash
python3 otp_bypass.py -u <TARGET_URL> -p <PHONE_NUMBER> -i <INSTANCE_ID> [OPTIONS]
```

### Arguments

- `-u`, `--url`: **(Required)** Target URL (e.g., `https://example.com/wp-admin/admin-ajax.php`)
- `-p`, `--phone`: **(Required)** Target phone number (digits only)
- `-i`, `--instance-id`: **(Required)** Instance ID from intercepted request
- `-d`, `--digits`: **(Optional)** OTP length (4 or 6 digits, default is 4)
- `-w`, `--workers`: **(Optional)** Number of parallel workers (default is 10)
- `--start`: **(Optional)** Starting OTP value (default is 0)
- `--end`: **(Optional)** Ending OTP value (default: 9999 for 4-digit, 999999 for 6-digit)
- `--proxy`: **(Optional)** Proxy (e.g., `http://127.0.0.1:8080`)

### Example

```bash
python3 otp_bypass.py -u https://example.com/wp-admin/admin-ajax.php -p 1234567890 -i <INSTANCE_ID> -d 4 -w 10
```

## Output

The script will display progress and results in the terminal. If a valid OTP is found, it will print the successful OTP and a snippet of the response from the server.

## Important Note

**Use responsibly and only on authorized systems.** Unauthorized access to systems is illegal and unethical. This script is intended for educational purposes and security testing with permission.

## License

This project is licensed under the MIT License. See the LICENSE file for details.

## Disclaimer

The author and contributors are not responsible for any misuse or damage caused by this script. Always ensure you have permission to test the systems you are targeting.
File Snapshot

[4.0K] /data/pocs/e77af86a21bfd55603626c59c98f9df806dbec30
├── [4.8K] digits_otp_bypass_cve2025-4094.py
├── [2.2K] README.md
└── [ 27] requirements.txt

0 directories, 3 files