11 matches found
CVE-2026-10750
The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify,...
CVE-2026-10750
CVE-2026-10750 concerns the Royal MCP WordPress plugin prior to 1.4.26. The issue arises because the plugin does not perform capability checks on most MCP tools after token authentication, enabling authenticated, low-privilege users (e.g., Subscriber) to read private content, enumerate users and ...
CVE-2026-54842 WordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerability
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...
EUVD-2026-39387
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...
CVE-2026-54842
The CVE describes a Missing Authorization vulnerability in the WordPress Royal MCP plugin (Royal MCP) affecting versions up to 1.4.25. The issue is categorized as Broken Access Control with a CVSS v3.1 base score of 8.1 (HIGH), with network attack vector, low attack complexity, and privileges req...
WordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by dhamdham in WordPress Plugin Royal MCP versions = 1.4.25...
EUVD-2026-36984
Unauthenticated Broken Access Control in Royal MCP = 1.4.2 versions...
CVE-2026-40775
Unauthenticated Broken Access Control in Royal MCP = 1.4.2 versions...
CVE-2026-40775 WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Royal MCP = 1.4.2 versions...
PT-2026-49419
Unauthenticated Broken Access Control in Royal MCP = 1.4.2 versions...
WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Alexis Lafontaine in WordPress Plugin Royal MCP versions = 1.4.2...