cleantalk
Vulnerabilities and Security Researches

Team Collaboration Plugin for WordPress Editorial teams- Multicollab, CVE-2025-4202

CVE, Research URL

CVE-2025-4202

Home page URL

Security reports for Team Collaboration Plugin for WordPress Editorial teams- Multicollab

Application

Team Collaboration Plugin for WordPress Editorial teams- Multicollab

Published on
May 16, 2026
Research Description
The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add comments to arbitrary collaborations.
Affected versions
max 5.3.
Status
vulnerable
Previous vulnerability researches
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-24573) , Jan 26, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2024-13427) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-4223) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-2104) , Mar 14, 2025
New vulnerability
Essential Chat Support (CVE-2026-8681) , May 18, 2026
Team Collaboration Plugin for WordPress Editorial teams- Multicollab (CVE-2025-4202) , May 18, 2026
WP Super Edit (CVE-2021-47965) , May 17, 2026
Notify Odoo (CVE-2026-8425) , May 17, 2026
WPGraphQL (CVE-2021-47959) , May 16, 2026