Critical-risk tools in ItchWPMCP
6 of the 75 tools in ItchWPMCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
elementor_delete_sectionDestructiveDelete an Elementor section or container at a specific index. Requires confirmDelete=true. Use elementor_get_page_structure first to find the target index.
-
wordpress_delete_pageDestructiveDelete or trash a WordPress page. Requires confirmDelete=true.
-
wordpress_delete_postDestructiveDelete or trash a WordPress post. Requires confirmDelete=true.
-
wordpress_delete_reusable_blockDestructiveDelete a synced pattern (reusable block) by ID. Requires confirmDelete=true.
-
wordpress_delete_templateDestructiveDelete a custom FSE block template. Requires confirmDelete=true.
-
wordpress_delete_widgetDestructiveDelete a WordPress widget instance. Requires confirmDelete=true. Use force=true to permanently delete instead of orphaning.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.