[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f91z-7eY9wC9LrdxoM-_FNcyPAZbgMRUSR-GPiP8p584":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":59,"fingerprints":220},"royal-mcp","Royal MCP","1.2.3","Royal Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Froyalpluginsteam\u002F","\u003Cp>Royal MCP enables AI platforms like Claude, OpenAI, and Google Gemini to securely interact with your WordPress content through the Model Context Protocol (MCP).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multi-Platform Support\u003C\u002Fstrong> – Connect Claude, OpenAI, Google Gemini, Mistral, Perplexity, Groq, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API Access\u003C\u002Fstrong> – Expose posts, pages, media, and users to AI platforms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Authentication\u003C\u002Fstrong> – API key authentication protects your endpoints\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Logging\u003C\u002Fstrong> – Track all AI interactions with your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Claude Desktop Integration\u003C\u002Fstrong> – Native MCP connector for Claude Desktop app\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Supported AI Platforms:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Claude (Anthropic)\u003C\u002Fli>\n\u003Cli>OpenAI (GPT-4, GPT-3.5)\u003C\u002Fli>\n\u003Cli>Google Gemini\u003C\u002Fli>\n\u003Cli>Mistral AI\u003C\u002Fli>\n\u003Cli>Perplexity\u003C\u002Fli>\n\u003Cli>Groq\u003C\u002Fli>\n\u003Cli>Cohere\u003C\u002Fli>\n\u003Cli>Together AI\u003C\u002Fli>\n\u003Cli>DeepSeek\u003C\u002Fli>\n\u003Cli>And more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>API Endpoints:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fwp-json\u002Froyal-mcp\u002Fv1\u002Fposts\u003C\u002Fcode> – Access posts\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-json\u002Froyal-mcp\u002Fv1\u002Fpages\u003C\u002Fcode> – Access pages\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-json\u002Froyal-mcp\u002Fv1\u002Fmedia\u003C\u002Fcode> – Access media library\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-json\u002Froyal-mcp\u002Fv1\u002Fusers\u003C\u002Fcode> – Access user data (public info only)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to third-party AI services to enable AI platforms to interact with your WordPress content. \u003Cstrong>No data is transmitted until you explicitly configure and enable a platform connection.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent:\u003C\u002Fstrong> Your WordPress content (posts, pages, media metadata) as requested by the connected AI platform.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When data is sent:\u003C\u002Fstrong> Only when you have configured a platform with API credentials AND enabled that platform connection AND the AI platform makes a request.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported services and their policies:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Anthropic Claude\u003C\u002Fstrong> – Used for Claude AI integration\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Flegal\u002Fconsumer-terms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Flegal\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>OpenAI\u003C\u002Fstrong> – Used for ChatGPT\u002FGPT-4 integration\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fopenai.com\u002Fpolicies\u002Fterms-of-use\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fopenai.com\u002Fpolicies\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Google Gemini\u003C\u002Fstrong> – Used for Gemini AI integration\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fai.google.dev\u002Fterms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Groq\u003C\u002Fstrong> – Used for Groq LPU inference\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgroq.com\u002Fterms-of-use\u002F\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgroq.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Microsoft Azure OpenAI\u003C\u002Fstrong> – Used for Azure-hosted OpenAI models\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fazure.microsoft.com\u002Fen-us\u002Fsupport\u002Flegal\u002F\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fprivacy.microsoft.com\u002Fen-us\u002Fprivacystatement\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>AWS Bedrock\u003C\u002Fstrong> – Used for AWS-hosted AI models\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Faws.amazon.com\u002Fservice-terms\u002F\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Faws.amazon.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Ollama \u002F LM Studio\u003C\u002Fstrong> – Local self-hosted models (no external data transmission)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom MCP Servers\u003C\u002Fstrong> – User-configured servers (data sent to user-specified endpoints only)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress MCP plugin that connects AI platforms like Claude, ChatGPT, and Gemini to your site using Model Context Protocol for secure content access.",90,489,0,"2026-03-11T08:49:00.000Z","6.9.4","5.8","7.4",[19,20,21,22,23],"ai-integration","chatgpt-wordpress","claude-wordpress","model-context-protocol","wordpress-mcp","https:\u002F\u002Froyalplugins.com\u002Fsupport\u002Froyal-mcp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Froyal-mcp.1.2.3.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"royalpluginsteam",3,30,94,"2026-04-04T05:29:12.606Z",[37],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":13,"downloaded":45,"rating":26,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":56,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"copywriter-robin","Copywriter Robin's Blog Generator: AI-Powered and Effortless Blogging","1.0.4","Virakle Technologies","https:\u002F\u002Fprofiles.wordpress.org\u002Fvirakle\u002F","\u003Cp>Are you tired of spending hours writing and formatting your blog posts? Introducing Copywriter Robin, the ultimate solution for fast and efficient blogging.\u003C\u002Fp>\n\u003Cp>With Copywriter Robin, you can easily create professional-quality blogs in just seconds. Our AI-powered tool takes care of the hard work for you, including writing, formatting, and even generating a catchy title and meta description.\u003C\u002Fp>\n\u003Ch4>Key features of Copywriter Robin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>AI-powered writing: Our algorithm generates high-quality content based on your input, saving you time and effort.\u003C\u002Fli>\n\u003Cli>Formatting and structuring: Blog Generator automatically formats and structures your post, including headings, paragraphs, and even images.\u003C\u002Fli>\n\u003Cli>Title and meta description generation: Our tool generates a catchy title and meta description that will help your post stand out and rank better on search engines.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With Copywriter Robin, you can spend less time writing and more time growing your blog and audience.\u003C\u002Fp>\n\u003Cp>Try it now and see the difference for yourself!\u003C\u002Fp>\n\u003Ch3>Installation 🔧\u003C\u002Fh3>\n\u003Ch4>AUTOMATIC INSTALLATION\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to your plugin browser inside your wordpress installation and search 3D Product Viewer & WebAR for WooCommerce by keyword. Then choose “3D Product Viewer & WebAR for WooCommerce” and click install. It will be installed shortly.\u003C\u002Fli>\n\u003Cli>Activate the plugin from Plugins menu after installation\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>MANUAL INSTALLATION\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Download the latest version and extract the folder to the \u002Fwp-content\u002Fplugins\u002F directory\u003C\u002Fli>\n\u003Cli>The plugin will appear as inactive in your Plugins menu\u003C\u002Fli>\n\u003Cli>Activate the plugin through the Plugins menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Log in to the WordPress admin dashboard\u003C\u002Fli>\n\u003Cli>Navigate to the “Copywriter Robin” settings page\u003C\u002Fli>\n\u003Cli>Enter the topic and keywords for the blog post you want to generate\u003C\u002Fli>\n\u003Cli>Click “Generate post” to create a new draft post with the AI-generated content\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Licensing\u003C\u002Fh3>\n\u003Cp>Copywriter Robin is licensed under the GPLv3 license.\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>If you have any questions or need help with the project, please contact me at \u003Ca href=\"mailto:robin@virakle.nl\" rel=\"nofollow ugc\">robin@virakle.nl\u003C\u002Fa>\u003C\u002Fp>\n","Are you tired of spending hours writing and formatting your blog posts? Introducing Copywriter Robin, the ultimate solution for fast and efficient blo &hellip;",1369,1,"2023-02-01T13:48:00.000Z","6.1.10","5.6","5.2.4",[52,53,54,55,20],"ai-copywriter","blog-generator","chatgpt","chatgpt-copywriter","https:\u002F\u002Fvirakle.nl\u002Fcopywriter-robin-content-maken\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcopywriter-robin.1.0.4.zip",85,{"attackSurface":60,"codeSignals":126,"taintFlows":147,"riskAssessment":208,"analyzedAt":219},{"hooks":61,"ajaxHandlers":92,"restRoutes":103,"shortcodes":123,"cronEvents":124,"entryPointCount":125,"unprotectedCount":32},[62,68,72,76,80,85,89],{"type":63,"name":64,"callback":65,"file":66,"line":67},"action","admin_menu","add_menu_page","includes\\Admin\\Settings_Page.php",13,{"type":63,"name":69,"callback":70,"file":66,"line":71},"admin_init","register_settings",14,{"type":63,"name":73,"callback":74,"file":66,"line":75},"admin_enqueue_scripts","enqueue_scripts",15,{"type":77,"name":78,"callback":78,"file":66,"line":79},"filter","admin_footer_text",16,{"type":63,"name":81,"callback":82,"file":83,"line":84},"plugins_loaded","init","royal-mcp.php",67,{"type":63,"name":86,"callback":87,"file":83,"line":88},"rest_api_init","register_rest_routes",68,{"type":63,"name":86,"callback":90,"file":83,"line":91},"register_mcp_endpoint",69,[93,99],{"action":94,"nopriv":95,"callback":96,"hasNonce":97,"hasCapCheck":97,"file":66,"line":98},"royal_mcp_test_connection",false,"ajax_test_connection",true,19,{"action":100,"nopriv":95,"callback":101,"hasNonce":97,"hasCapCheck":97,"file":66,"line":102},"royal_mcp_get_platform_fields","ajax_get_platform_fields",20,[104,112,117],{"namespace":105,"route":106,"methods":107,"callback":109,"permissionCallback":110,"file":83,"line":111},"royal-mcp\u002Fv1","\u002Fmcp",[108],"GET","handle_mcp","__return_true",153,{"namespace":105,"route":113,"methods":114,"callback":115,"permissionCallback":110,"file":83,"line":116},"\u002Fsse",[108],"handle_sse",161,{"namespace":105,"route":118,"methods":119,"callback":121,"permissionCallback":110,"file":83,"line":122},"\u002Fmessages",[120],"POST","handle_message",169,[],[],5,{"dangerousFunctions":127,"sqlUsage":128,"outputEscaping":138,"fileOperations":13,"externalRequests":32,"nonceChecks":32,"capabilityChecks":145,"bundledLibraries":146},[],{"prepared":129,"raw":129,"locations":130},2,[131,134],{"file":66,"line":132,"context":133},228,"$wpdb->get_var() with variable interpolation",{"file":135,"line":136,"context":137},"uninstall.php",24,"$wpdb->query() with variable interpolation",{"escaped":139,"rawEcho":46,"locations":140},299,[141],{"file":142,"line":143,"context":144},"includes\\MCP\\Server.php",984,"raw output",4,[],[148,171,199],{"entryPoint":149,"graph":150,"unsanitizedCount":46,"severity":170},"ajax_get_platform_fields (includes\\Admin\\Settings_Page.php:280)",{"nodes":151,"edges":167},[152,157,161],{"id":153,"type":154,"label":155,"file":66,"line":156},"n0","source","$_POST",297,{"id":158,"type":159,"label":160,"file":66,"line":156},"n1","transform","→ render_platform_fields()",{"id":162,"type":163,"label":164,"file":66,"line":165,"wp_function":166},"n2","sink","echo() [XSS]",385,"echo",[168,169],{"from":153,"to":158,"sanitized":95},{"from":158,"to":162,"sanitized":95},"medium",{"entryPoint":172,"graph":173,"unsanitizedCount":46,"severity":170},"\u003CSettings_Page> (includes\\Admin\\Settings_Page.php:0)",{"nodes":174,"edges":194},[175,178,182,185,188,190,192],{"id":153,"type":154,"label":176,"file":66,"line":177},"$_GET",223,{"id":158,"type":163,"label":179,"file":66,"line":180,"wp_function":181},"get_results() [SQLi]",231,"get_results",{"id":162,"type":154,"label":183,"file":66,"line":184},"$_POST (x5)",288,{"id":186,"type":163,"label":164,"file":66,"line":187,"wp_function":166},"n3",317,{"id":189,"type":154,"label":155,"file":66,"line":156},"n4",{"id":191,"type":159,"label":160,"file":66,"line":156},"n5",{"id":193,"type":163,"label":164,"file":66,"line":165,"wp_function":166},"n6",[195,196,197,198],{"from":153,"to":158,"sanitized":97},{"from":162,"to":186,"sanitized":97},{"from":189,"to":191,"sanitized":95},{"from":191,"to":193,"sanitized":95},{"entryPoint":200,"graph":201,"unsanitizedCount":13,"severity":207},"render_logs_page (includes\\Admin\\Settings_Page.php:212)",{"nodes":202,"edges":205},[203,204],{"id":153,"type":154,"label":176,"file":66,"line":177},{"id":158,"type":163,"label":179,"file":66,"line":180,"wp_function":181},[206],{"from":153,"to":158,"sanitized":97},"low",{"summary":209,"deductions":210},"The plugin \"royal-mcp\" v1.2.3 exhibits a mixed security posture.  On the positive side, it demonstrates excellent practices regarding output escaping and avoids dangerous functions, file operations, and bundled libraries. The presence of nonce and capability checks for some entry points is also a good sign. However, a significant concern arises from the attack surface analysis. Three out of five identified entry points, specifically all three REST API routes, lack permission callbacks, leaving them open to unauthorized access and manipulation. Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating a potential for input validation issues that could lead to vulnerabilities if exploited, even though no critical or high severity issues were flagged in this specific analysis. The plugin's clean vulnerability history is a strong positive, suggesting a generally well-maintained codebase and a proactive approach to security by the developers. Despite the clean history, the identified weaknesses in the attack surface and taint analysis warrant caution.",[211,214,217],{"reason":212,"points":213},"REST API routes without permission callbacks",10,{"reason":215,"points":216},"Flows with unsanitized paths",8,{"reason":218,"points":125},"AJAX handlers without auth checks","2026-03-16T21:15:25.125Z",{"wat":221,"direct":228},{"assetPaths":222,"generatorPatterns":225,"scriptPaths":226,"versionParams":227},[223,224],"\u002Fwp-content\u002Fplugins\u002Froyal-mcp\u002Fincludes\u002FAdmin\u002Fjs\u002Fsettings-page.js","\u002Fwp-content\u002Fplugins\u002Froyal-mcp\u002Fincludes\u002FAdmin\u002Fcss\u002Fsettings-page.css",[],[223],[],{"cssClasses":229,"htmlComments":233,"htmlAttributes":236,"restEndpoints":239,"jsGlobals":243,"shortcodeOutput":245},[230,231,232],"royal-mcp-settings-page","royal-mcp-log-table","royal-mcp-platform-field",[234,235],"\u003C!-- Royal MCP Settings Page -->","\u003C!-- Royal MCP Activity Log -->",[237,238],"data-royal-mcp-ajax-url","data-royal-mcp-nonce",[240,241,242],"\u002Froyal-mcp\u002Fv1\u002Fmcp","\u002Froyal-mcp\u002Fv1\u002Fsse","\u002Froyal-mcp\u002Fv1\u002Fmessages",[244],"RoyalMCPConfig",[]]