MEDIUM SeverityCVSS 3.14.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVE-2025-4202
Last updated May 16, 2026 · Published May 16, 2026
Description
The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add comments to arbitrary collaborations.
Affected products
1 listed- multicollab:Multicollab: Content Team Collaboration and Editorial Workflow
Mappings
CWE
CWE-862
CAPEC
None listed.
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms