CVE-2025-7955
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-28

Last updated on: 2025-08-29

Assigner: Wordfence

Description
The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify() function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers to log in as any user simply by supplying identical bogus codes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-28
Last Modified
2025-08-29
Generated
2026-06-16
AI Q&A
2025-08-28
EPSS Evaluated
2026-06-15
NVD
CVE-2025-7955
EUVD
EUVD-2025-26080
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
ringcentral ringcentral_communications_plugin 1.5
ringcentral ringcentral_communications_plugin 1.6
ringcentral ringcentral_communications_plugin 1.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-7955 is a critical authentication bypass vulnerability in the RingCentral Communications WordPress plugin versions 1.5 through 1.6.8. The vulnerability arises from improper handling of the two-factor authentication (2FA) code during login. Instead of securely storing the 2FA code on the server side (such as in PHP sessions or user meta data), the plugin compares two POST parameters submitted by the client, which are fully controllable by an attacker. This flaw allows an unauthenticated attacker to bypass 2FA and log in as any user by supplying identical bogus codes. The issue was fixed in version 1.7.0 by properly persisting and validating the 2FA code on the server side. [1]

Impact Analysis

This vulnerability can have severe impacts as it allows unauthenticated attackers to bypass two-factor authentication and log in as any user on a WordPress site using the vulnerable RingCentral Communications plugin. This can lead to full compromise of user accounts, including administrative accounts, resulting in unauthorized access, data theft, site defacement, or further exploitation of the website. Given the high CVSS score (9.8), the impact includes complete confidentiality, integrity, and availability loss. [1]

Detection Guidance

This vulnerability can be detected by identifying if the RingCentral Communications WordPress plugin is installed and running a vulnerable version between 1.5 and 1.6.8. Since the vulnerability involves improper 2FA validation, you can check the plugin version via WordPress CLI commands such as `wp plugin list` to see the installed version of the ringcentral plugin. Additionally, monitoring HTTP POST requests to the login endpoint for suspicious identical 2FA code parameters could indicate exploitation attempts. However, no specific detection commands or network signatures are provided in the available resources. [1, 2]

Mitigation Strategies

The immediate mitigation step is to update the RingCentral Communications WordPress plugin to version 1.7.0 or later, where the vulnerability is fixed by properly persisting and validating the 2FA code on the server side. Until the update is applied, consider disabling the plugin or its 2FA feature to prevent exploitation. Also, review and restrict access to the WordPress admin login to trusted IPs if possible, and monitor login attempts for suspicious activity. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-7955. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart