cleantalk
Vulnerabilities and Security Researches

RingCentral Communications Plugin – FREE, CVE-2025-7955

CVE, Research URL

CVE-2025-7955

Home page URL

Security reports for RingCentral Communications Plugin – FREE

Application

RingCentral Communications Plugin – FREE

Published on
Aug 28, 2025
Research Description
The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify() function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers to log in as any user simply by supplying identical bogus codes.
Affected versions
Min -, max 1.7.0.
Status
vulnerable
Previous vulnerability researches
Statify Widget (CVE-2025-48322) , Aug 28, 2025
New vulnerability
Savyour Affiliate Partner (CVE-2025-48306) , Aug 29, 2025
bidorbuy Store Integrator (CVE-2025-48100) , Aug 29, 2025
Best Theme Builder For Elementor – FREE (CVE-2025-58198) , Aug 29, 2025
Google XML News Sitemap plugin (CVE-2025-48304) , Aug 28, 2025
Simple Download Monitor (CVE-2025-8977) , Aug 28, 2025