vulnerability

WordPress Plugin: rccp-free: CVE-2025-7955: Improper Authentication

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Aug 27, 2025	Aug 28, 2025	Sep 2, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Aug 27, 2025

Added

Aug 28, 2025

Modified

Sep 2, 2025

Description

The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify() function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers to log in as any user simply by supplying identical bogus codes.

Solution

rccp-free-plugin-cve-2025-7955

References

URL-https://www.cve.org/CVERecord?id=CVE-2025-7955
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/0386ed09-296d-4f33-9fe0-964c0c0a9652?source=api-prod
CVE-2025-7955
https://attackerkb.com/topics/CVE-2025-7955
CWE-287

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today