Source: https://sploitus.com/exploit?id=2E53879E-869F-503D-8FC6-A0A8FCCD0F2C
# WordPress Plugin Digits OTP Bypass (CVE-2025-4094)

## Overview

This script is an exploit for the WordPress plugin Digits (versions before 8.4.6.1) that bypasses OTP (One-Time Password) authentication by brute force, exploiting the vulnerability tracked as CVE-2025-4094. The script has been modified to use `ThreadPoolExecutor` so that OTP guesses are submitted in parallel, which significantly shortens the brute-force run.
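From the defender's side, the attack described above has an obvious footprint: a single client submitting hundreds or thousands of POST requests to `admin-ajax.php` in a short window, one per OTP guess. The following is an added detection example written for this page, not code from this repository or from the Digits plugin; it parses web-server access logs in the common combined format and flags any client IP whose POSTs to `/wp-admin/admin-ajax.php` exceed a threshold inside a sliding time window. The log lines, IP addresses and the threshold/window values are constructed for the example; the plugin's actual AJAX `action` parameter is not given on this page, so the example deliberately keys on the endpoint path alone.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Regex for the combined/common access-log format (Apache, nginx default).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line; return a dict or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_bursts(lines, threshold=20, window_seconds=60,
                path="/wp-admin/admin-ajax.php"):
    """Return {ip: peak_count} for clients whose POSTs to `path` reach `threshold`
    within any `window_seconds`-long sliding window. Threshold and window are
    example values; tune them to the site's normal AJAX traffic."""
    windows = defaultdict(deque)   # ip -> timestamps of recent matching POSTs
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if not rec["path"].startswith(path):
            continue
        q = windows[rec["ip"]]
        q.append(rec["ts"])
        # Drop timestamps that fell out of the window (lines assumed time-ordered).
        while q and (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
    return flagged


def _constructed_lines():
    """Constructed sample log: one client hammering admin-ajax.php, one normal client."""
    base = datetime(2025, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    lines = []
    for i in range(30):  # 30 guesses in 30 seconds from the noisy client
        t = (base + timedelta(seconds=i)).strftime(fmt)
        lines.append(f'203.0.113.5 - - [{t}] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87')
    for i in range(3):   # a handful of ordinary requests from another client
        t = (base + timedelta(seconds=10 * i)).strftime(fmt)
        lines.append(f'198.51.100.7 - - [{t}] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87')
    lines.append(f'198.51.100.7 - - [{base.strftime(fmt)}] "GET /index.php HTTP/1.1" 200 5120')
    return lines


SAMPLE_LINES = _constructed_lines()

if __name__ == "__main__":
    for ip, peak in find_bursts(SAMPLE_LINES).items():
        print(f"possible OTP brute force from {ip}: {peak} POSTs in one window")
```

A 4-digit code has only 10,000 possible values, so without server-side attempt limiting the whole space is searchable in minutes at the request rates this script reaches; the fix is on the server (upgrade the plugin, and cap verification attempts per phone number or instance ID with a lockout), and the detection above only tells you that such an attempt is under way.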

**Exploit Author:** Saleh Tarawneh

## Requirements

- Python 3.x
- `requests` library
- `argparse` library (included in Python standard library)
- `colorama` library

You can install the required libraries using pip:

```bash
pip install -r requirements.txt
```

## Usage

To run the script, use the following command:

```bash
python3 otp_bypass.py -u <TARGET_URL> -p <PHONE_NUMBER> -i <INSTANCE_ID> [OPTIONS]
```

### Arguments

- `-u`, `--url`: **(Required)** Target URL (e.g., `https://example.com/wp-admin/admin-ajax.php`)
- `-p`, `--phone`: **(Required)** Target phone number (digits only)
- `-i`, `--instance-id`: **(Required)** Instance ID from intercepted request
- `-d`, `--digits`: **(Optional)** OTP length (4 or 6 digits, default is 4)
- `-w`, `--workers`: **(Optional)** Number of parallel workers (default is 10)
- `--start`: **(Optional)** Starting OTP value (default is 0)
- `--end`: **(Optional)** Ending OTP value (default: 9999 for 4-digit, 999999 for 6-digit)
- `--proxy`: **(Optional)** Proxy (e.g., `http://127.0.0.1:8080`)

### Example

```bash
python3 otp_bypass.py -u https://example.com/wp-admin/admin-ajax.php -p 1234567890 -i <INSTANCE_ID> -d 4 -w 10
```

## Output

The script will display progress and results in the terminal. If a valid OTP is found, it will print the successful OTP and a snippet of the response from the server.

## Important Note

**Use responsibly and only on authorized systems.** Unauthorized access to systems is illegal and unethical. This script is intended for educational purposes and security testing with permission.

## License

This project is licensed under the MIT License. See the LICENSE file for details.

## Disclaimer

The author and contributors are not responsible for any misuse or damage caused by this script. Always ensure you have permission to test the systems you are targeting.