High-risk tools in WordPress MCP Server

High severity WordPress MCP Server MCP Server 8 of 190 tools

8 of the 190 tools in WordPress MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

wordpress_execute_shortcode Execute

wordpress_execute_shortcode
wordpress_execute_sql Execute

wordpress_execute_sql
wordpress_run_cron Execute

wordpress_run_cron
wordpress_clone_to_staging Execute

wordpress_clone_to_staging
wordpress_flush_rewrite_rules Execute

wordpress_flush_rewrite_rules
wordpress_regenerate_thumbnails Execute

wordpress_regenerate_thumbnails
wordpress_activate_theme Execute

wordpress_activate_theme
wordpress_schedule_event Execute

wordpress_schedule_event

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Runaway Tool Loops
Prompt Injection via Tool Results

High-risk tools in WordPress MCP Server

Tools at high risk

Attacks that target this class

More on WordPress MCP Server

Enforce policy on every WordPress MCP Server tool call.