Does Royal MCP have any unpatched vulnerabilities?

No. All known vulnerabilities in Royal MCP have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Royal MCP compatible with WordPress 6.9.4?

According to WordPress.org data, Royal MCP 1.2.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Royal MCP compatible with PHP 7.4+?

Royal MCP requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Royal MCP updated?

Royal MCP was last updated on Mar 11, 2026. Frequent updates are generally a positive security signal.

What is Royal MCP's security score?

Royal MCP has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Royal MCP Security & Risk Analysis

wordpress.org/plugins/royal-mcp

WordPress MCP plugin that connects AI platforms like Claude, ChatGPT, and Gemini to your site using Model Context Protocol for secure content access.

90 active installs v1.2.3 PHP 7.4+ WP 5.8+ Updated Mar 11, 2026

ai-integrationchatgpt-wordpressclaude-wordpressmodel-context-protocolwordpress-mcp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Royal MCP Safe to Use in 2026?

Generally Safe

Score 100/100

Royal MCP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 23d ago

Risk Assessment

The plugin "royal-mcp" v1.2.3 exhibits a mixed security posture. On the positive side, it demonstrates excellent practices regarding output escaping and avoids dangerous functions, file operations, and bundled libraries. The presence of nonce and capability checks for some entry points is also a good sign. However, a significant concern arises from the attack surface analysis. Three out of five identified entry points, specifically all three REST API routes, lack permission callbacks, leaving them open to unauthorized access and manipulation. Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating a potential for input validation issues that could lead to vulnerabilities if exploited, even though no critical or high severity issues were flagged in this specific analysis. The plugin's clean vulnerability history is a strong positive, suggesting a generally well-maintained codebase and a proactive approach to security by the developers. Despite the clean history, the identified weaknesses in the attack surface and taint analysis warrant caution.

Key Concerns

REST API routes without permission callbacks
Flows with unsanitized paths
AJAX handlers without auth checks

Vulnerabilities

None known

Royal MCP Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Royal MCP Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

299 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

50% prepared4 total queries

Output Escaping

100% escaped300 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

ajax_get_platform_fields (includes\Admin\Settings_Page.php:280)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

Royal MCP Attack Surface

Entry Points5

Unprotected3

AJAX Handlers 2

authwp_ajax_royal_mcp_test_connectionincludes\Admin\Settings_Page.php:19

authwp_ajax_royal_mcp_get_platform_fieldsincludes\Admin\Settings_Page.php:20

REST API Routes 3

GET/wp-json/royal-mcp/v1/mcproyal-mcp.php:153

GET/wp-json/royal-mcp/v1/sseroyal-mcp.php:161

POST/wp-json/royal-mcp/v1/messagesroyal-mcp.php:169

WordPress Hooks 7

actionadmin_menuincludes\Admin\Settings_Page.php:13

actionadmin_initincludes\Admin\Settings_Page.php:14

actionadmin_enqueue_scriptsincludes\Admin\Settings_Page.php:15

filteradmin_footer_textincludes\Admin\Settings_Page.php:16

actionplugins_loadedroyal-mcp.php:67

actionrest_api_initroyal-mcp.php:68

actionrest_api_initroyal-mcp.php:69

Maintenance & Trust

Royal MCP Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 11, 2026

PHP min version7.4

Downloads489

Community Trust

Rating0/100

Number of ratings0

Active installs90

Alternatives

Royal MCP Alternatives

Copywriter Robin's Blog Generator: AI-Powered and Effortless Blogging

copywriter-robin

Are you tired of spending hours writing and formatting your blog posts? Introducing Copywriter Robin, the ultimate solution for fast and efficient blo …

0 No CVEs

Developer Profile

Royal MCP Developer Profile

Royal Plugins

3 plugins · 90 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Royal MCP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/royal-mcp/includes/Admin/js/settings-page.js/wp-content/plugins/royal-mcp/includes/Admin/css/settings-page.css

Script Paths

/wp-content/plugins/royal-mcp/includes/Admin/js/settings-page.js

HTML / DOM Fingerprints

CSS Classes

royal-mcp-settings-pageroyal-mcp-log-tableroyal-mcp-platform-field

HTML Comments

Data Attributes

data-royal-mcp-ajax-urldata-royal-mcp-nonce

JS Globals

RoyalMCPConfig

REST Endpoints

/royal-mcp/v1/mcp/royal-mcp/v1/sse/royal-mcp/v1/messages

FAQ