cleantalk
Vulnerabilities and Security Researches

Team Collaboration Plugin for WordPress Editorial teams- Multicollab, CVE-2025-4202

CVE, Research URL

CVE-2025-4202

Home page URL

Security reports for Team Collaboration Plugin for WordPress Editorial teams- Multicollab

Application

Team Collaboration Plugin for WordPress Editorial teams- Multicollab

Published on
May 16, 2026
Research Description
The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add comments to arbitrary collaborations.
Affected versions
max 5.3.
Status
vulnerable
Previous vulnerability researches
Analytics Reduce Bounce Rate (CVE-2025-9635) , Oct 12, 2025
New vulnerability
Essential Chat Support (CVE-2026-8681) , May 18, 2026
Team Collaboration Plugin for WordPress Editorial teams- Multicollab (CVE-2025-4202) , May 18, 2026
WP Super Edit (CVE-2021-47965) , May 17, 2026
Notify Odoo (CVE-2026-8425) , May 17, 2026
WPGraphQL (CVE-2021-47959) , May 16, 2026