Critical-risk tools in WooCommerce MCP Server
20 of the 101 tools in WooCommerce MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- cleanup_orphaned_media (Destructive): Find orphaned media not used by any product or category. Dry run by default; set delete=true to remove them. Scans all products and categories.
- delete_attribute (Destructive): Delete a global product attribute and all its terms. Also removes the attribute from all products that use it.
- delete_attribute_term (Destructive): Delete a value from a product attribute. Removes the term from all products using it.
- delete_brand (Destructive): Delete a product brand. Does NOT delete products with this brand; they simply lose the brand association.
- delete_category (Destructive): Delete a product category. Does NOT delete products in the category; they become uncategorized.
- delete_coupon (Destructive): Delete a coupon. Moves to trash by default; set force=true to permanently delete.
- delete_media (Destructive): Permanently delete a media item from WordPress. This is irreversible. Use cleanup_orphaned_media to find unused items first.
- delete_order (Destructive): Delete an order. Moves to trash by default; set force=true to permanently delete.
- delete_order_note (Destructive): Delete a note from an order. This permanently removes the note.
- delete_product (Destructive): Delete a product. Moves to trash by default; set force=true to permanently delete. Does not delete associated media.
- delete_product_review (Destructive): Delete a product review. By default moves to trash (force=false). Set force=true to permanently delete.
- delete_shipping_class (Destructive): Delete a product shipping class. Products using this class will revert to no shipping class.
- delete_shipping_zone (Destructive): Delete a shipping zone. This also removes all methods and locations in the zone.
- delete_shipping_zone_method (Destructive): Remove a shipping method from a zone.
- delete_tag (Destructive): Delete a product tag. Does NOT affect products that had this tag; they simply lose the tag association.
- delete_tax_class (Destructive): Delete a tax class by slug. Cannot delete the Standard class. Rates in this class will be orphaned.
- delete_tax_rate (Destructive): Delete a tax rate. This is permanent and cannot be undone.
- delete_webhook (Destructive): Delete a webhook. Set force=true to permanently delete.
- create_order_refund (Financial): Create a refund for an order. Can refund full or partial amount. Set api_refund=true (default) to automatically refund via payment gateway, or false for manual refund.
- delete_order_refund (Financial): Delete a refund record from an order. This removes the refund entry but does not reverse the payment — use with caution.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.