Older versions of the Digits plugin, specifically those below v8.4.6.1, are known to have critical security flaws:
The current official version of Digits is (as of April 2026). Using a nulled v7.9.4 means: Digits : WordPress Mobile Number and Login: Home Digits v7.9.4 Nulled.rar
Vulnerabilities like CVE-2025-4094 allow attackers to bypass security features and gain access to arbitrary accounts by brute-forcing OTP validation. Older versions of the Digits plugin, specifically those
Versions prior to 8.4.2 are susceptible to CVE-2024-0203 , which can allow attackers to gain administrator-level privileges through Cross-Site Request Forgery (CSRF). 2. Malicious Code in "Nulled" Files Older versions of the Digits plugin
Steal sensitive user data stored in your WordPress database. Gain full control over your server. 3. Lack of Updates and Support
The file refers to a cracked or "nulled" version of the Digits WordPress plugin , which is a premium tool used for mobile number registration and login via OTP (One-Time Password).