Unauthenticated Access Control Flaw in Royal MCP Plugin by PatchStack
CVE-2026-40775
7.3HIGH
What is CVE-2026-40775?
The Royal MCP plugin for WordPress exhibits a vulnerability stemming from unauthenticated broken access control in versions up to 1.4.2. This weakness may allow unauthorized users to access sensitive functionalities or data, creating potential security risks for websites that utilize this plugin. PatchStack provides insight into this issue, emphasizing the importance of updating to secure versions to mitigate the risk.
Affected Version(s)
Royal MCP <= 1.4.2