wp-design-mcp
by Akungapaul
Overview
Manages WordPress custom CSS and color palette settings via an MCP server interface.
Installation
node server.jsEnvironment Variables
- WORDPRESS_URL
- WORDPRESS_USERNAME
- WORDPRESS_APP_PASSWORD
- ENABLE_WP_CLI
- WP_CLI_PATH
- WORDPRESS_PATH
- SSH_HOST
- SSH_PORT
- SSH_USER
- SSH_KEY_PATH
Security Notes
The 'update_color_palette' tool uses WP-CLI to set theme modifications via `cliClient.exec`. The command is constructed using user-provided 'key' and 'value' strings directly injected into a shell command (`theme mod set ${key} "${value}"`). This is highly vulnerable to command injection, as malicious input in 'key' or 'value' could allow arbitrary code execution on the server where WP-CLI is run. For example, a 'key' like `foo"; rm -rf /; #` would execute `rm -rf /` on the host. This constitutes a critical security risk.
Similar Servers
mcpm.sh
MCPM is a command-line tool for managing Model Context Protocol (MCP) servers, enabling discovery, installation, execution, sharing, and integration with various MCP clients.
mcp-server
This plugin implements a Model Context Protocol (MCP) server for WordPress, exposing WordPress's data and functionality through its REST API to AI clients.
mcp-ai-wpoos
Provides a stable API and server framework for integrating AI models and tools into WordPress, enabling advanced AI assistant capabilities and workflow automation.
wp-mcp-server-demo
A WordPress plugin acting as a configuration layer to create a custom Model Context Protocol (MCP) server, exposing pre-defined abilities from the WP Abilities API Demo plugin for AI integration.