WordPress · Multicollab · CVE-2025-4202
**Name of the Vulnerable Software and Affected Versions**
Multicollab: Content Team Collaboration and Editorial Workflow versions prior to 5.3
**Description**
A missing capability check in the `cf add comment()` function allows authenticated attackers with Subscriber-level access or higher to perform unauthorized modification of data by adding comments to arbitrary collaborations.
**Recommendations**
Update to a version later than 5.2.
As a temporary workaround, restrict access to the `cf add comment()` function for users with Subscriber-level permissions.