CVE-2026-10750 - Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools
CVE ID :CVE-2026-10750 Published : July 1, 2026, 6 a.m. | 9 hours, 12 minutes ago Description :The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role...