cleantalk
Vulnerabilities and Security Researches

RingCentral Communications Plugin – FREE, CVE-2025-7955

CVE, Research URL

CVE-2025-7955

Home page URL

Security reports for RingCentral Communications Plugin – FREE

Application

RingCentral Communications Plugin – FREE

Published on
Aug 28, 2025
Research Description
The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify() function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers to log in as any user simply by supplying identical bogus codes.
Affected versions
Min -, max 1.7.0.
Status
vulnerable
Previous vulnerability researches
Ultimate twitter profile widget (CVE-2025-48321) , Aug 27, 2025
New vulnerability
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-58195) , Aug 29, 2025
WP Bulk Delete (CVE-2025-58192) , Aug 29, 2025
Responsive Mobile-Friendly Tooltip (CVE-2025-48316) , Aug 29, 2025
Savyour Affiliate Partner (CVE-2025-48306) , Aug 29, 2025
bidorbuy Store Integrator (CVE-2025-48100) , Aug 29, 2025