What is GHSA-f4x8-m8jx-pfpg?

GHSA-f4x8-m8jx-pfpg is a security advisory published by GitHub Security Advisories with Medium severity. The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is...

Which CVE IDs does GHSA-f4x8-m8jx-pfpg cover?

GHSA-f4x8-m8jx-pfpg covers the following CVE IDs: CVE-2025-4202. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-f4x8-m8jx-pfpg?

GHSA-f4x8-m8jx-pfpg has a CVSS v3 base score of 4.3, published by GitHub Security Advisories.

GHSA-f4x8-m8jx-pfpgMediumCVSS 4.3

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is...

Vendor

GitHub Security Advisories

Published

May 16, 2026

Last Modified

May 16, 2026

🔗 CVE IDs covered (1)

CVE-2025-4202 →

📋 Description

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add comments to arbitrary collaborations.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2025-4202
https://plugins.trac.wordpress.org/browser/commenting-feature/tags/4.8.1/admin/classes/class-commenting-block-admin.php#L1239
https://plugins.trac.wordpress.org/changeset/3519252
https://www.wordfence.com/threat-intel/vulnerabilities/id/08ec2376-dfe3-4aeb-8173-01e88309f540?source=cve
https://github.com/advisories/GHSA-f4x8-m8jx-pfpg