cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forcommenting-feature commenting-feature

Direction: ascending
Jun 07, 2024

Team Collaboration Plugin for WordPress Editorial teams- Multicollab # ef2fc1de0d6ec71ef3da6da103bbfb1b5e775451

CVE, Research URL

ef2fc1de0d6ec71ef3da6da103bbfb1b5e775451

Home page URL

Security reports for Team Collaboration Plugin for WordPress Editorial teams- Multicollab

Application

Team Collaboration Plugin for WordPress Editorial teams- Multicollab

Date
Feb 28, 2022
Research Description
Team Collaboration Plugin for WordPress Editorial teams- Multicollab [commenting-feature] < 3.2 WordPress Multicollab – Google Doc-Style Editorial Commenting for WordPress plugin <= 2.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Multicollab – Google Doc-Style Editorial Commenting for WordPress plugin (versions <= 2.0.3).
Affected versions
max 3.2.
Status
vulnerable
Nov 16, 2024

Team Collaboration Plugin for WordPress Editorial teams- Multicollab # CVE-2022-4974

CVE, Research URL

CVE-2022-4974

Home page URL

Security reports for Team Collaboration Plugin for WordPress Editorial teams- Multicollab

Application

Team Collaboration Plugin for WordPress Editorial teams- Multicollab

Date
Oct 16, 2024
Research Description
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions
max 2.0.4.
Status
vulnerable
May 18, 2026

Team Collaboration Plugin for WordPress Editorial teams- Multicollab # CVE-2025-4202

CVE, Research URL

CVE-2025-4202

Home page URL

Security reports for Team Collaboration Plugin for WordPress Editorial teams- Multicollab

Application

Team Collaboration Plugin for WordPress Editorial teams- Multicollab

Date
May 16, 2026
Research Description
The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add comments to arbitrary collaborations.
Affected versions
max 5.3.
Status
vulnerable