Critical-risk tools in WooCommerce MCP Server
15 of the 91 tools in WooCommerce MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_couponDestructiveDelete a coupon from WooCommerce
-
delete_customerDestructiveDelete a customer from WooCommerce
-
delete_customer_metaDestructiveDelete meta data from a customer
-
delete_orderDestructiveDelete an order from WooCommerce
-
delete_order_metaDestructiveDelete meta data from an order
-
delete_order_noteDestructiveDelete an order note
-
delete_productDestructiveDelete a product from WooCommerce
-
delete_product_attributeDestructiveDelete a product attribute from WooCommerce
-
delete_product_categoryDestructiveDelete a product category from WooCommerce
-
delete_product_metaDestructiveDelete meta data from a product
-
delete_product_reviewDestructiveDelete a product review
-
delete_product_tagDestructiveDelete a product tag from WooCommerce
-
delete_product_variationDestructiveDelete a product variation
-
create_order_refundFinancialCreate a new order refund
-
delete_order_refundFinancialDelete an order refund
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.