Royal MCP – Secure AI Connector for Claude, ChatGPT & Gemini <= 1.4.2 - Missing Authorization

This research plan targets CVE-2026-40775, a missing authorization vulnerability in the Royal MCP plugin (<= 1.4.2). The vulnerability allows unauthenticated attackers to perform actions that should be restricted to administrators.

1. Vulnerability Summary

The Royal MCP plugin fails to implement proper capability checks (authorization) on one or more of its AJAX or REST API endpoints. While it may use nonces for CSRF protection, the absence of current_user_can() in the handler functions, combined with the registration of these functions via wp_ajax_nopriv_* hooks, allows unauthenticated users to trigger the logic. Based on the CVSS vector (Integrity: Low), the vulnerability likely permits the modification of plugin settings or configuration.

2. Attack Vector Analysis

• Endpoint: wp-admin/admin-ajax.php
• Action (Likely): rmcp_save_settings or royal_mcp_save_config (to be verified in source).
• Authentication: None required (unauthenticated).
• Preconditions: The plugin must be active. A nonce may be required, but can be obtained from the frontend if the plugin localizes scripts for unauthenticated users (e.g., for a chat widget).

3. Code Flow

1. Registration: The plugin registers an AJAX handler in its main class or an initialization file:
   add_action('wp_ajax_nopriv_[ACTION_NAME]', 'handle_action_function');
2. Entry Point: An unauthenticated user sends a POST request to admin-ajax.php with action=[ACTION_NAME].
3. The Sink: The handle_action_function is executed.
   • It may check a nonce using check_ajax_referer or wp_verify_nonce.
   • The Flaw: It skips if (!current_user_can('manage_options')) { wp_die(); }.
   • It proceeds to update database options using update_option() based on $_POST parameters.

4. Nonce Acquisition Strategy

If the vulnerable function requires a nonce, we will extract it from the frontend.

1. Identify Entry Point: Search for wp_localize_script in the plugin code to find where nonces are exposed to the browser.
2. Shortcode Discovery: Search for add_shortcode to find the tag that renders the plugin's interface (e.g., [royal_mcp_chat]).
3. Page Setup: Create a public page containing this shortcode.

   wp post create --post_type=page --post_status=publish --post_title="AI Chat" --post_content='[shortcode_found]'
   

4. Extraction:
   • Navigate to the newly created page using browser_navigate.
   • Identify the global JS object. Based on common plugin patterns, look for royal_mcp_data, rmcp_vars, or rmcp_params.
   • Execute: browser_eval("window.rmcp_vars?.nonce") (Replace with the actual variable and key found in source).

5. Exploitation Strategy

Step 1: Discovery

• Search for wp_ajax_nopriv_ in the plugin directory: grep -r "wp_ajax_nopriv_" .
• Locate the handler function and check if it modifies options (e.g., calls update_option).
• Identify the parameter names for the settings.

Step 2: Craft Payload

• Target URL: http://[target]/wp-admin/admin-ajax.php
• Method: POST
• Content-Type: application/x-www-form-urlencoded
• Parameters:
  • action: [action_found]
  • _ajax_nonce: [extracted_nonce]
  • setting_key: malicious_value (e.g., changing the AI model to an expensive one or disabling security filters).

Step 3: Execute Request
Use the http_request tool to send the payload.

6. Test Data Setup

1. Install and activate Royal MCP <= 1.4.2.
2. Note the current value of a target setting (e.g., the API key or default model).

   wp option get royal_mcp_settings
   

3. If a nonce is needed, identify the shortcode (e.g., [royal_mcp_connector]) and create a page to expose it as described in Section 4.

7. Expected Results

• The server should return a successful status code (e.g., 200 OK or a JSON success message {"success":true}).
• The targeted WordPress option (setting) should be updated in the database despite the request being unauthenticated.

8. Verification Steps

After the HTTP request, verify the change via WP-CLI:

# Check if the option was modified
wp option get [OPTION_NAME_FOUND]

If the option value matches the malicious_value sent in the POST request, the exploit is successful.

9. Alternative Approaches

• REST API: If no AJAX actions are found, check register_rest_route. Look for routes where 'permission_callback' is set to __return_true or is missing entirely, especially those handling POST or PUT requests.
• Settings Reset: Look for actions that reset settings to defaults. While "Integrity: Low", resetting an API configuration can still disrupt service.
• Missing Nonce: Check if check_ajax_referer is actually called. If it is omitted or called with die=false without checking the return value, the nonce acquisition step can be skipped.