wp-media-mcp
by Akungapaul
Overview
Manages WordPress media library programmatically through a Model Context Protocol (MCP) server, allowing AI agents to upload, retrieve, list, update, and delete media.
Installation
node server.jsEnvironment Variables
- WORDPRESS_URL
- WORDPRESS_USERNAME
- WORDPRESS_APP_PASSWORD
- ENABLE_WP_CLI
- WP_CLI_PATH
- WORDPRESS_PATH
- SSH_HOST
- SSH_PORT
- SSH_USER
- SSH_KEY_PATH
Security Notes
The `upload_media` tool handler is vulnerable to Server-Side Request Forgery (SSRF) as it fetches an arbitrary URL provided by the user (`args.source`) without sufficient validation or sanitization. This could lead to internal network scanning, access to sensitive internal resources, or denial-of-service by downloading large or malicious files. Additionally, the WP-CLI integration, while not directly exploitable for command injection in the provided snippet, relies on the `WPCLIClient` implementation in a shared library for robustness. Broad commands like `regenerate_thumbnails` without a specific ID could be resource-intensive if triggered maliciously on a large WordPress site.
Similar Servers
mcp-server
This plugin implements a Model Context Protocol (MCP) server for WordPress, exposing WordPress's data and functionality through its REST API to AI clients.
contentful-mcp-server
Provides AI assistants with comprehensive tools to interact with Contentful APIs for content creation, management, asset organization, workflow automation, and content modeling.
mcp-for-woocommerce
Connects WordPress and WooCommerce to AI systems via Model Context Protocol, enabling AI agents to query and manage e-commerce data (products, orders, categories, shipping, payments, taxes) and content (posts, pages).
mcp-ai-wpoos
Provides a stable API and server framework for integrating AI models and tools into WordPress, enabling advanced AI assistant capabilities and workflow automation.