High-risk tools in Wp Cli
7 of the 58 tools in Wp Cli are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
wp_cli_rawExecuteExecute any WP-CLI command directly
-
wp_cron_runExecuteManually trigger a specific WordPress cron event by its hook name.
-
wp_db_queryExecuteExecute a raw SQL query against the WordPress database. Use for read-only SELECT queries. WARNING: Write queries (INSERT, UPDATE, DELETE) can damage the database — use with caut...
-
wp_evalExecuteExecute arbitrary PHP code in the WordPress environment. Has access to all WordPress functions, hooks, and the database. Use for custom queries, data manipulation, or anything n...
-
wp_plugin_activateExecuteActivate an installed but inactive WordPress plugin. The plugin must already be installed.
-
wp_search_replaceExecuteSearch and replace strings across all WordPress database tables. Essential for domain migrations (e.g. staging to production). Handles serialized data correctly.
-
wp_theme_activateExecuteActivate a theme
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.