Vulnerability  ·  2026-07-02

Royal MCP WordPress Plugin — Low-Privilege Users Can Invoke Unrestricted MCP Tools Including Private Content and User Enumeration

Vulnerability · High impact · Global · CVE-2026-10750
CVE-2026-10750 (CVSS 8.1 High), published 2026-07-01, reveals that the Royal MCP WordPress plugin exposes MCP tool endpoints that skip capability checks once the initial token authentication has passed. This is a pattern of missing authorization across the majority of its MCP tool surface, not an isolated flaw.
WordPress MCP plugins are increasingly used to connect AI agents to website content management. Missing authorization on MCP tools means any authenticated user (including low-privilege subscribers) can weaponize the AI agent surface to exfiltrate private content, enumerate site users for targeted attacks, or destructively modify site content — all through the MCP interface that is designed to be agent-accessible.
After token authentication, the majority of Royal MCP's tools do not perform capability checks. Any authenticated user with a low-privileged role such as Subscriber can invoke MCP tools to read private posts, enumerate all users and their roles, and create, modify, or delete site content — bypassing WordPress's role-based access control.
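As an added illustration (not code from Royal MCP, the advisory, or the fixed release), the following hypothetical WordPress tool handlers show the pattern described above: one handler that relies on token authentication alone, beside handlers that gate each action on the standard WordPress capability it needs. The helper `mcp_require_cap` and the tool names are assumptions.

```php
<?php
// Added illustration, not the Royal MCP plugin's code: hypothetical MCP tool
// handlers showing the missing-authorization pattern the advisory describes
// and its fix. Token auth says *who* is calling; current_user_can() says what.

// Vulnerable pattern: the handler assumes the token check was enough, so any
// role that can obtain a token (a Subscriber included) reads private posts.
function mcp_tool_private_posts_vulnerable( array $args ) {
    $posts = get_posts( array( 'post_status' => 'private', 'numberposts' => 50 ) );
    return wp_list_pluck( $posts, 'post_title', 'ID' );
}

// Hardened pattern: one gate every tool calls before touching data. $cap is a
// WordPress capability; extra $args let meta caps like delete_post work.
function mcp_require_cap( string $cap, ...$args ) {
    if ( ! is_user_logged_in() || ! current_user_can( $cap, ...$args ) ) {
        return new WP_Error( 'mcp_forbidden', "Tool requires capability: {$cap}", array( 'status' => 403 ) );
    }
    return true;
}

// Private content: Subscribers lack read_private_posts; Editors have it.
function mcp_tool_private_posts( array $args ) {
    $gate = mcp_require_cap( 'read_private_posts' );
    if ( is_wp_error( $gate ) ) {
        return $gate;
    }
    $posts = get_posts( array( 'post_status' => 'private', 'numberposts' => 50 ) );
    return wp_list_pluck( $posts, 'post_title', 'ID' );
}

// User enumeration: list_users is held only by Administrators by default.
function mcp_tool_list_users( array $args ) {
    $gate = mcp_require_cap( 'list_users' );
    if ( is_wp_error( $gate ) ) {
        return $gate;
    }
    return wp_list_pluck( get_users(), 'user_login', 'ID' );
}

// Destructive change: a per-object meta-cap check against the specific post.
function mcp_tool_delete_post( array $args ) {
    $post_id = absint( $args['id'] ?? 0 );
    $gate    = mcp_require_cap( 'delete_post', $post_id );
    if ( is_wp_error( $gate ) ) {
        return $gate;
    }
    return (bool) wp_delete_post( $post_id, true );
}
```

A missing or invalid post id makes `map_meta_cap` resolve `delete_post` to `do_not_allow`, so the gate refuses rather than falling through to a deletion.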
Affected: Royal MCP WordPress plugin before 1.4.26
Fix: Upgrade Royal MCP WordPress plugin to 1.4.26 or later. WPScan advisory: https://wpscan.com/vulnerability/8678ef91-ff05-43a1-a8e3-6d35da548826/
Sources
NVD: CVE-2026-10750
WPScan Advisory: https://wpscan.com/vulnerability/8678ef91-ff05-43a1-a8e3-6d35da548826/
GitHub Advisory: GHSA-mggr-4wrj-4f4g