Vulnerabilities and security researches forrccp-free rccp-free

Dec 06, 2024

CVE, Research URL: CVE-2024-53770
Home page URL: Security reports for RingCentral Communications Plugin – FREE
Application: RingCentral Communications Plugin – FREE
Date: Dec 02, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Peter MacIntyre RingCentral Communications allows Stored XSS.This issue affects RingCentral Communications: from n/a through 1.6.1.
Affected versions: Min -, max -.
Status: vulnerable

Aug 28, 2025

CVE, Research URL: CVE-2025-7955
Home page URL: Security reports for RingCentral Communications Plugin – FREE
Application: RingCentral Communications Plugin – FREE
Date: Aug 28, 2025
Research Description: The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify() function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers to log in as any user simply by supplying identical bogus codes.
Affected versions: Min -, max -.
Status: vulnerable