What happened
CVE-2026-10750 (CVSS 8.1 High), published 2026-07-01, covers a missing-authorization flaw in the Royal MCP WordPress plugin: its MCP tool endpoints verify the caller's token, but most of them then skip WordPress capability checks. This is a pattern across the majority of the plugin's MCP tool surface, not an isolated flaw in one tool.
Why it matters
WordPress MCP plugins are increasingly used to connect AI agents to site content management. Missing authorization on MCP tools means any authenticated user, including a low-privileged Subscriber, can use the agent-facing interface to exfiltrate private content, enumerate site users for targeted attacks, or destructively modify site content, all through endpoints designed to be agent-accessible. On sites that allow open registration ("Anyone can register" under Settings > General), obtaining such an account is trivial, so the practical exposure approaches that of an unauthenticated flaw.
Attack vector
After token authentication, the majority of Royal MCP's tools perform no capability check. The token proves who is calling; nothing then asks whether that user is allowed to do what the tool does. Any authenticated user with a low-privileged role such as Subscriber can therefore invoke MCP tools to read private posts, enumerate all users and their roles, and create, modify, or delete site content, bypassing WordPress's role-based access control.
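The bug class, illustrated as an added example in PHP: a hypothetical WordPress MCP-style tool dispatcher (not Royal MCP's code, and the route name, tool names and capability map are assumptions) in its token-only shape beside a hardened shape that asks WordPress, per tool, whether the authenticated user holds the required capability.

```php
<?php
/**
 * Illustrative WordPress MCP-style tool dispatcher (hypothetical, not Royal MCP's code).
 * Shows the bug class: token auth proves *who* is calling, but each tool must still
 * ask WordPress whether that user may perform the action via current_user_can().
 */

// Assumed per-tool capability map. The post-scoped tools use meta capabilities
// (edit_post / delete_post) so WordPress can apply ownership and status rules.
const MCP_TOOL_CAPS = [
    'list_private_posts' => 'read_private_posts',
    'list_users'         => 'list_users',
    'create_post'        => 'publish_posts',
    'update_post'        => 'edit_post',    // meta cap, checked against post ID
    'delete_post'        => 'delete_post',  // meta cap, checked against post ID
];

/**
 * VULNERABLE shape: token auth only. Once logged in, a Subscriber reaches every tool.
 */
function mcp_dispatch_token_only( WP_REST_Request $req ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'mcp_unauthenticated', 'Token required.', [ 'status' => 401 ] );
    }
    return mcp_run_tool( (string) $req->get_param( 'tool' ), (array) $req->get_param( 'args' ) );
}

/**
 * HARDENED shape: after token auth, check the capability the requested tool needs.
 */
function mcp_dispatch_with_caps( WP_REST_Request $req ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'mcp_unauthenticated', 'Token required.', [ 'status' => 401 ] );
    }
    $tool = (string) $req->get_param( 'tool' );
    $args = (array) $req->get_param( 'args' );

    if ( ! isset( MCP_TOOL_CAPS[ $tool ] ) ) {
        // Unknown tools are denied by default rather than falling through.
        return new WP_Error( 'mcp_unknown_tool', 'Unknown tool.', [ 'status' => 404 ] );
    }
    $cap     = MCP_TOOL_CAPS[ $tool ];
    $post_id = isset( $args['post_id'] ) ? absint( $args['post_id'] ) : 0;
    $allowed = in_array( $cap, [ 'edit_post', 'delete_post' ], true )
        ? ( $post_id > 0 && current_user_can( $cap, $post_id ) )
        : current_user_can( $cap );

    if ( ! $allowed ) {
        return new WP_Error( 'mcp_forbidden', 'Insufficient capability for tool.', [ 'status' => 403 ] );
    }
    return mcp_run_tool( $tool, $args );
}

/** Tool bodies: deliberately simple, the authorization lives in the dispatcher. */
function mcp_run_tool( string $tool, array $args ) {
    switch ( $tool ) {
        case 'list_private_posts':
            return rest_ensure_response( get_posts( [ 'post_status' => 'private', 'numberposts' => 50 ] ) );
        case 'list_users':
            return rest_ensure_response( array_map(
                fn( $u ) => [ 'id' => $u->ID, 'login' => $u->user_login, 'roles' => $u->roles ],
                get_users()
            ) );
        case 'create_post':
            return rest_ensure_response( wp_insert_post( [
                'post_title'   => sanitize_text_field( $args['title'] ?? '' ),
                'post_content' => wp_kses_post( $args['content'] ?? '' ),
                'post_status'  => 'publish',
            ], true ) );
        case 'update_post':
            return rest_ensure_response( wp_update_post( [
                'ID'           => absint( $args['post_id'] ?? 0 ),
                'post_content' => wp_kses_post( $args['content'] ?? '' ),
            ], true ) );
        case 'delete_post':
            return rest_ensure_response( wp_delete_post( absint( $args['post_id'] ?? 0 ), true ) );
    }
    return new WP_Error( 'mcp_unknown_tool', 'Unknown tool.', [ 'status' => 404 ] );
}

// Register only the hardened dispatcher (assumed route name). permission_callback gates
// authentication at the REST layer; the per-tool check above does the fine-grained work.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-mcp/v1', '/tool', [
        'methods'             => 'POST',
        'callback'            => 'mcp_dispatch_with_caps',
        'permission_callback' => 'is_user_logged_in',
    ] );
} );
```

Note that a route whose permission_callback is only is_user_logged_in and whose callback is mcp_dispatch_token_only reproduces exactly the advisory's bug class: every one of these tools becomes reachable by a Subscriber. Mapping each tool to the capability WordPress already defines for that action, and using the meta capabilities for post-scoped tools, keeps the MCP surface inside the site's existing role model instead of beside it.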
Affected systems
Royal MCP WordPress plugin before 1.4.26
Mitigation
Upgrade Royal MCP WordPress plugin to 1.4.26 or later. If you cannot upgrade immediately, deactivate the plugin. After upgrading, verify the fix by calling a private-content or user-listing tool with a Subscriber account's token and confirming the request is refused. Review whatever plugin or web-server logs are available for MCP tool calls made by low-privileged accounts before the upgrade. WPScan advisory: https://wpscan.com/vulnerability/8678ef91-ff05-43a1-a8e3-6d35da548826/