wp-themes-mcp
by Akungapaul
Overview
WordPress theme management and automation through a Model Context Protocol (MCP) server, allowing agents to list, activate, install, delete, and create WordPress themes.
Installation
node server.js
Environment Variables
- WORDPRESS_URL
- WORDPRESS_USERNAME
- WORDPRESS_APP_PASSWORD
- ENABLE_WP_CLI
- WP_CLI_PATH
- WORDPRESS_PATH
- SSH_HOST
- SSH_PORT
- SSH_USER
- SSH_KEY_PATH
Security Notes
The server uses `cliClient.exec` to run WP-CLI commands. In `get_theme_mods` and `create_child_theme` tools, user-provided arguments (`args.theme`, `args.child_slug`, `args.parent_theme`) are directly interpolated into the shell command string without explicit sanitization beyond Zod type validation. This creates a high risk of command injection if a malicious actor or agent provides specially crafted input, allowing arbitrary command execution on the host where WP-CLI is run. Although other WP-CLI calls like `activateTheme` or `installTheme` might be safer if `WPCLIClient` performs internal sanitization, the direct `exec` interpolation is a critical vulnerability.
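The interpolation pattern described above, next to a hardened form, as an added example that is not code from wp-themes-mcp. The command shape (WP-CLI's `wp scaffold child-theme <slug> --parent_theme=<slug>`), the slug policy, and the names `assertSlug`, `unsafeCommand`, `childThemeArgv`, `runWpCli` and `isRejected` are assumptions made for illustration.

```javascript
// Added example (not wp-themes-mcp code). The command shape is an assumption
// based on WP-CLI's `wp scaffold child-theme <slug> --parent_theme=<slug>`.

// Assumed slug policy: starts alphanumeric (so it can never look like an
// option), then letters, digits, "_" or "-", at most 64 characters.
const SLUG_RE = /^[a-z0-9][a-z0-9_-]{0,63}$/i;

function assertSlug(name, value) {
  if (typeof value !== "string" || !SLUG_RE.test(value)) {
    throw new Error(`${name} is not a valid theme slug`);
  }
  return value;
}

// Pattern described in the note: values pasted into a shell string.
// Returned here for inspection only, never executed.
function unsafeCommand(args) {
  return `wp scaffold child-theme ${args.child_slug} --parent_theme=${args.parent_theme}`;
}

// Hardened form: validate, then return an argv array. Each value stays one
// argument, so no shell ever parses it.
function childThemeArgv(args) {
  return [
    "scaffold", "child-theme", assertSlug("child_slug", args.child_slug),
    `--parent_theme=${assertSlug("parent_theme", args.parent_theme)}`,
  ];
}

// Runs WP-CLI without a shell. If the call is relayed over SSH, the remote side
// re-joins arguments into a shell string, so the allowlist above must still run.
async function runWpCli(argv, wpBin = "wp") {
  const { execFile } = await import("node:child_process");
  return new Promise((resolve, reject) =>
    execFile(wpBin, argv, (err, stdout) => (err ? reject(err) : resolve(stdout))));
}

// Constructed sample inputs.
const benign = { child_slug: "acme-child", parent_theme: "twentytwentyfour" };
const crafted = { child_slug: "x; id", parent_theme: "twentytwentyfour" };

function isRejected(args) {
  try { childThemeArgv(args); return false; } catch { return true; }
}

console.log(unsafeCommand(crafted)); // the shell would see two commands
console.log(childThemeArgv(benign));
console.log(isRejected(crafted));
```

Zod can enforce the same allowlist at the schema level with a regex constraint on the string fields, which rejects the input before any tool handler runs.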
Similar Servers
mcp-server
This plugin implements a Model Context Protocol (MCP) server for WordPress, exposing WordPress's data and functionality through its REST API to AI clients.
mcp-for-woocommerce
Connects WordPress and WooCommerce to AI systems via Model Context Protocol, enabling AI agents to query and manage e-commerce data (products, orders, categories, shipping, payments, taxes) and content (posts, pages).
mcp-ai-wpoos
Provides a stable API and server framework for integrating AI models and tools into WordPress, enabling advanced AI assistant capabilities and workflow automation.
wp-mcp-server-demo
A WordPress plugin acting as a configuration layer to create a custom Model Context Protocol (MCP) server, exposing pre-defined abilities from the WP Abilities API Demo plugin for AI integration.