What happened
Royal MCP, a WordPress plugin that implements Model Context Protocol (MCP) server functionality so that AI agents can interact with a WordPress site, contains a broken access control vulnerability in versions up to and including 1.4.2. The advisory was published June 15, 2026 with a CVSS score of 7.3 (High). Remote attackers can reach the plugin's protected MCP endpoints without authenticating.
Why it matters
MCP plugins expose structured tool interfaces designed for consumption by AI agents. An unauthenticated access control bypass on an MCP server lets external AI agents, or attackers posing as agents, invoke whatever tools the affected endpoints expose. Depending on the tools the plugin offers, that can mean reading, writing or deleting WordPress content, reaching configured AI credentials, or planting content that legitimate agents later consume, which turns the endpoint into a prompt-injection path into their workflows.
Attack vector
An unauthenticated remote attacker sends requests directly to Royal MCP's access-controlled endpoints. In versions ≤ 1.4.2 those endpoints do not enforce an adequate authorization check, so requests from callers who never authenticated are served. The attacker thereby reaches the MCP tool interfaces that AI agents use to interact with the WordPress site.
Affected systems
Royal MCP WordPress Plugin ≤ 1.4.2
Mitigation
Update Royal MCP to version 1.4.3 or later. Until the update is applied, treat the plugin's MCP endpoints as reachable by anyone and review site content and access logs for unexpected changes or tool calls. Advisory: https://patchstack.com/database/wordpress/plugin/royal-mcp/vulnerability/wordpress-royal-mcp-plugin-1-4-2-broken-access-control-vulnerability
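A quick way to tell whether a site still runs an affected build is to read the version the plugin advertises and compare it against the fixed release. The script below is an added example and is not part of the advisory or of the Royal MCP project. It assumes the plugin's directory slug is royal-mcp (taken from the advisory URL) and that the site serves the plugin's readme.txt, which WordPress plugins publish with a "Stable tag:" line; the sample readme text is constructed for the example.

```python
"""Check whether a Royal MCP install advertises an affected version (<= 1.4.2).

Added example; not the advisory's or the plugin's own code.
Assumptions: the plugin slug is 'royal-mcp' (from the advisory URL) and the
site serves wp-content/plugins/<slug>/readme.txt with a 'Stable tag:' line.
"""
import re
import urllib.request

FIXED_VERSION = "1.4.3"
PLUGIN_SLUG = "royal-mcp"  # assumption: matches the Patchstack advisory URL


def parse_version(version):
    """Turn '1.4.2' into (1, 4, 2); stops at the first non-numeric component."""
    parts = []
    for component in version.strip().split("."):
        match = re.match(r"\d+", component)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def stable_tag(readme_text):
    """Extract the 'Stable tag:' value from a WordPress plugin readme, or None."""
    match = re.search(r"^\s*Stable tag:\s*(\S+)", readme_text,
                      re.IGNORECASE | re.MULTILINE)
    return match.group(1) if match else None


def is_affected(version):
    """Affected builds are every release below the fixed version (i.e. <= 1.4.2)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def assess_readme(readme_text):
    """Return the advertised version and whether it falls in the affected range.

    'affected' is None when no usable version is present (missing tag or
    'trunk'), so the caller does not mistake an unknown state for a safe one.
    """
    tag = stable_tag(readme_text)
    if tag is None or tag.lower() == "trunk":
        return {"version": tag, "affected": None}
    return {"version": tag, "affected": is_affected(tag)}


def fetch_readme(site_url, timeout=10):
    """Download the plugin readme from a live site (network access required)."""
    url = f"{site_url.rstrip('/')}/wp-content/plugins/{PLUGIN_SLUG}/readme.txt"
    with urllib.request.urlopen(url, timeout=timeout) as response:
        return response.read().decode("utf-8", "replace")


# Constructed sample readme standing in for a live download.
SAMPLE_README = """=== Royal MCP ===
Contributors: example
Requires at least: 6.0
Tested up to: 6.5
Stable tag: 1.4.2
"""

if __name__ == "__main__":
    print(assess_readme(SAMPLE_README))
    # For a live site: print(assess_readme(fetch_readme("https://example.com")))
```

The readme's Stable tag reflects the packaged release and can lag the Version header in the plugin's main file, and many hosts block direct reads of readme.txt, so a missing or stale tag is not proof the site is safe. When you have shell access, the authoritative answer comes from the admin plugin list or from WP-CLI's wp plugin list.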