WP-Safety

Team Collaboration & Content Workflow Plugin for WordPress Editorial Teams – Multicollab Security & Risk Analysis

wordpress.org/plugins/commenting-feature

This plugin serves the commenting feature like Google Docs within the Gutenberg Editor!

300 active installs v5.2 PHP + WP 6.4+ Updated Dec 16, 2025
collaborationeditorialeditorial-commentsteam-collaborationworkflow
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Team Collaboration & Content Workflow Plugin for WordPress Editorial Teams – Multicollab Safe to Use in 2026?

Generally Safe

Score 100/100

Team Collaboration & Content Workflow Plugin for WordPress Editorial Teams – Multicollab has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The commenting-feature plugin v5.2 exhibits a mixed security posture. While it demonstrates good practices in its use of prepared statements for SQL queries (93%) and output escaping (93%), and has no recorded vulnerability history (0 CVEs), there are significant concerns regarding its attack surface. A large majority of its entry points, specifically 28 out of 31, lack authentication checks. This includes a substantial number of AJAX handlers, which are prime targets for unauthorized actions. The single unsanitized path identified in the taint analysis, though not classified as critical or high severity, warrants attention as it represents a potential vector for unexpected behavior or data manipulation, especially in conjunction with the exposed AJAX endpoints. The plugin also has 8 external HTTP requests, which could be a vector if they are not properly secured or validated. The presence of bundled libraries like Select2 also introduces a dependency that needs to be managed for potential vulnerabilities in the library itself. The lack of robust authentication on most entry points is the most pressing issue, overshadowing the positive aspects of its coding practices and vulnerability-free history.

Key Concerns

  • High number of unprotected AJAX handlers
  • Unsanitized path identified in taint analysis
  • External HTTP requests present
  • Bundled library (Select2) present
Vulnerabilities
None known

Team Collaboration & Content Workflow Plugin for WordPress Editorial Teams – Multicollab Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Team Collaboration & Content Workflow Plugin for WordPress Editorial Teams – Multicollab Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
40 prepared
Unescaped Output
41
509 escaped
Nonce Checks
6
Capability Checks
8
File Operations
0
External Requests
8
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

93% prepared43 total queries

Output Escaping

93% escaped550 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths
cf_save_suggestions_mode (admin\classes\class-commenting-block-admin.php:1750)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
28 unprotected

Team Collaboration & Content Workflow Plugin for WordPress Editorial Teams – Multicollab Attack Surface

Entry Points31
Unprotected28

AJAX Handlers 29

authwp_ajax_cf_free_plugin_wizard_submitadmin\classes\class-commenting-block-admin.php:107
authwp_ajax_cf_set_welcome_tour_completedadmin\classes\class-commenting-block-admin.php:124
authwp_ajax_cf_comments_historyincludes\class-commenting-block.php:178
authwp_ajax_cf_update_clickincludes\class-commenting-block.php:179
authwp_ajax_cf_get_userincludes\class-commenting-block.php:180
authwp_ajax_cf_add_commentincludes\class-commenting-block.php:181
authwp_ajax_cf_update_commentincludes\class-commenting-block.php:182
authwp_ajax_cf_delete_commentincludes\class-commenting-block.php:183
authwp_ajax_cf_delete_attachmentincludes\class-commenting-block.php:184
authwp_ajax_cf_resolve_threadincludes\class-commenting-block.php:185
authwp_ajax_cf_store_in_localstorageincludes\class-commenting-block.php:186
authwp_ajax_cf_save_settingsincludes\class-commenting-block.php:187
authwp_ajax_cf_save_slack_intigrationincludes\class-commenting-block.php:188
authwp_ajax_cf_slack_intigration_revokeincludes\class-commenting-block.php:189
authwp_ajax_cf_save_permissionsincludes\class-commenting-block.php:190
authwp_ajax_cf_save_suggestionsincludes\class-commenting-block.php:191
authwp_ajax_cf_save_email_notificationincludes\class-commenting-block.php:192
authwp_ajax_cf_save_suggestions_modeincludes\class-commenting-block.php:193
authwp_ajax_cf_get_user_email_listincludes\class-commenting-block.php:194
authwp_ajax_cf_get_matched_user_email_listincludes\class-commenting-block.php:195
authwp_ajax_cf_get_activitiesincludes\class-commenting-block.php:196
authwp_ajax_cf_get_activity_detailsincludes\class-commenting-block.php:197
authwp_ajax_cf_migrate_to_proincludes\class-commenting-block.php:198
authwp_ajax_cf_get_assignable_user_listincludes\class-commenting-block.php:199
authwp_ajax_cf_update_metaincludes\class-commenting-block.php:201
authwp_ajax_cf_license_activationincludes\class-commenting-block.php:202
authwp_ajax_cf_deactive_plugin_freeincludes\class-commenting-block.php:203
authwp_ajax_cf_suggestion_text_filterincludes\class-commenting-block.php:206
authwp_ajax_sg_update_suggestion_historyincludes\class-commenting-block.php:209

REST API Routes 2

GET/wp-json/cfcf-get-comments-apiadmin\classes\class-commenting-block-admin.php:1898
GET/wp-json/cfcf-get-comments-on-load-apiadmin\classes\class-commenting-block-admin.php:1910
WordPress Hooks 39
actionpost_updatedadmin\classes\class-commenting-block-admin.php:68
filteradmin_initadmin\classes\class-commenting-block-admin.php:70
filtermap_meta_capadmin\classes\class-commenting-block-admin.php:73
actionadmin_menuadmin\classes\class-commenting-block-admin.php:76
filtermanage_posts_columnsadmin\classes\class-commenting-block-admin.php:79
filtermanage_pages_columnsadmin\classes\class-commenting-block-admin.php:80
actionmanage_posts_custom_columnadmin\classes\class-commenting-block-admin.php:83
actionmanage_pages_custom_columnadmin\classes\class-commenting-block-admin.php:84
filtermanage_edit-post_sortable_columnsadmin\classes\class-commenting-block-admin.php:87
filtermanage_edit-page_sortable_columnsadmin\classes\class-commenting-block-admin.php:88
actionpre_get_postsadmin\classes\class-commenting-block-admin.php:91
filterthe_contentadmin\classes\class-commenting-block-admin.php:94
filterthe_titleadmin\classes\class-commenting-block-admin.php:97
actionrest_api_initadmin\classes\class-commenting-block-admin.php:100
actioninitadmin\classes\class-commenting-block-admin.php:103
actionadmin_footeradmin\classes\class-commenting-block-admin.php:105
actioncf_free_plugin_usage_dataadmin\classes\class-commenting-block-admin.php:109
filteradmin_body_classadmin\classes\class-commenting-block-admin.php:111
actionadmin_noticesadmin\classes\class-commenting-block-admin.php:115
actionadmin_noticesadmin\classes\class-commenting-block-admin.php:118
filtercron_schedulesadmin\classes\class-commenting-block-admin.php:120
filterregister_block_type_argsadmin\classes\class-commenting-block-admin.php:122
filterwp_kses_allowed_htmladmin\classes\class-commenting-block-admin.php:123
actionrest_api_initadmin\classes\class-commenting-block-rest-routes.php:25
filterplugin_row_metacommenting-block.php:46
actionactivated_plugincommenting-block.php:152
actioninitcommenting-block.php:169
actionplugins_loadedincludes\class-commenting-block.php:160
actionadmin_enqueue_scriptsincludes\class-commenting-block.php:174
actionenqueue_block_assetsincludes\class-commenting-block.php:175
actionadmin_enqueue_scriptsincludes\class-commenting-block.php:176
actionadmin_enqueue_scriptsincludes\class-commenting-block.php:177
actionrest_api_initincludes\class-commenting-block.php:200
actioninitincludes\class-commenting-block.php:208
actionwp_enqueue_scriptsincludes\class-commenting-block.php:222
actionwp_enqueue_scriptsincludes\class-commenting-block.php:223
actionuser_registerincludes\commenting-block-functions.php:27
actiondeleted_userincludes\commenting-block-functions.php:28
actiondelete_userincludes\commenting-block-functions.php:81

Scheduled Events 2

cf_free_plugin_usage_data
cf_daily_license_checker
Maintenance & Trust

Team Collaboration & Content Workflow Plugin for WordPress Editorial Teams – Multicollab Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedDec 16, 2025
PHP min version
Downloads25K

Community Trust

Rating74/100
Number of ratings10
Active installs300
Alternatives

Team Collaboration & Content Workflow Plugin for WordPress Editorial Teams – Multicollab Alternatives

Quick Edit Notes

Quick Edit Notes

quick-edit-notes

A
92

Add internal notes to posts and pages directly from the Quick Edit interface and block editor in WordPress.

40 No CVEs
Edit Flow

Edit Flow

edit-flow

A
100

Redefining your editorial workflow.

5K No CVEs
Peter’s Post Notes

Peter’s Post Notes

peters-post-notes

A
85

Add notes to the "edit post" and "edit page" sidebars. Collaborators can also share notes on the WordPress dashboard.

3K No CVEs
Editorial Workflow Manager – Editorial Checklist for Gutenberg

Editorial Workflow Manager – Editorial Checklist for Gutenberg

editorial-workflow-manager

A
100

Editorial checklist and pre-publish workflow for the WordPress block editor (Gutenberg). Create reusable checklists with required/optional items and g …

100 No CVEs
Content Approval Workflow

Content Approval Workflow

content-approval-workflow

A
92

Enhance collaboration with this plugin. Easily assign reviewers, track status, and get timely notifications for a seamless content review process.

80 No CVEs
Developer Profile

Team Collaboration & Content Workflow Plugin for WordPress Editorial Teams – Multicollab Developer Profile

Multicollab

2 plugins · 310 total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Team Collaboration & Content Workflow Plugin for WordPress Editorial Teams – Multicollab

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/commenting-feature/assets/css/style.css/wp-content/plugins/commenting-feature/assets/js/commenting-block.js/wp-content/plugins/commenting-feature/assets/js/commenting-block-admin.js
Script Paths
/wp-content/plugins/commenting-feature/assets/js/commenting-block.js/wp-content/plugins/commenting-feature/assets/js/commenting-block-admin.js
Version Parameters
commenting-feature/assets/css/style.css?ver=commenting-feature/assets/js/commenting-block.js?ver=commenting-feature/assets/js/commenting-block-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
cf-comment-wrappercf-comment-listcf-add-commentcf-comment-formcf-suggestion-wrappercf-suggestion-listcf-add-suggestioncf-suggestion-form
HTML Comments
<!-- Begin Comment Block --><!-- End Comment Block --><!-- Begin Suggestion Block --><!-- End Suggestion Block -->
Data Attributes
data-post-iddata-user-iddata-comment-iddata-cf-field
JS Globals
commenting_block_ajax_objectcommenting_block_nonce
REST Endpoints
/wp-json/commenting-feature/v1/comments/wp-json/commenting-feature/v1/suggestions
Shortcode Output
[commenting_block][commenting_suggestion]
FAQ

Frequently Asked Questions about Team Collaboration & Content Workflow Plugin for WordPress Editorial Teams – Multicollab