Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 18 May 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sun, 17 May 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Multicollab
Multicollab multicollab: Content Team Collaboration And Editorial Workflow Wordpress Wordpress wordpress |
|
| Vendors & Products |
Multicollab
Multicollab multicollab: Content Team Collaboration And Editorial Workflow Wordpress Wordpress wordpress |
Sat, 16 May 2026 12:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add comments to arbitrary collaborations. | |
| Title | Multicollab: Content Team Collaboration and Editorial Workflow <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration Comment | |
| Weaknesses | CWE-862 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-05-18T17:53:40.213Z
Reserved: 2025-05-01T16:22:13.929Z
Link: CVE-2025-4202
Updated: 2026-05-18T17:40:37.326Z
Status : Deferred
Published: 2026-05-16T13:16:16.073
Modified: 2026-06-17T09:32:45.650
Link: CVE-2025-4202
No data.
OpenCVE Enrichment
Updated: 2026-05-17T17:01:03Z