PT-2025-34967 · WordPress · Ringcentral Communications
Kenneth Dunn
·
Published
2025-08-28
·
Updated
2025-08-28
·
CVE-2025-7955
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
RingCentral Communications plugin for WordPress versions 1.5 through 1.6.8
Description:
The RingCentral Communications plugin for WordPress is susceptible to authentication bypass due to insufficient validation within the
ringcentral admin login 2fa verify() function. This allows unauthenticated attackers to log in as any user by providing arbitrary codes.Recommendations:
Update to a version beyond 1.6.8.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ringcentral Communications