Enable Abilities for MCP Security & Risk Analysis
wordpress.org/plugins/enable-abilities-for-mcpManage which WordPress Abilities are exposed to MCP servers. Supports WooCommerce, The Events Calendar, and any custom post type.
Is Enable Abilities for MCP Safe to Use in 2026?
Generally Safe
Score 100/100Enable Abilities for MCP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'enable-abilities-for-mcp' plugin version 1.9.3 demonstrates a strong security posture based on the provided static analysis. The absence of dangerous functions, SQL injection vulnerabilities, unescaped output, file operations, and external HTTP requests is highly commendable. Furthermore, the plugin correctly implements prepared statements for its single SQL query, utilizes nonce checks on its entry points, and enforces capability checks extensively, indicating a robust development approach to security.
The plugin's vulnerability history is also a significant strength, with zero known CVEs and no recorded past vulnerabilities. This suggests a mature and well-maintained codebase. The zero taint analysis flows with unsanitized paths reinforce the impression of secure coding practices.
Overall, 'enable-abilities-for-mcp' v1.9.3 presents a very low risk. Its comprehensive security implementation, lack of historical vulnerabilities, and clean static analysis results make it a secure choice. There are no significant weaknesses identified in the provided data, indicating a high level of trust in its current state.
Enable Abilities for MCP Security Vulnerabilities
Enable Abilities for MCP Release Timeline
Enable Abilities for MCP Code Analysis
SQL Query Safety
Output Escaping
Enable Abilities for MCP Attack Surface
AJAX Handlers 2
WordPress Hooks 11
Maintenance & Trust
Enable Abilities for MCP Maintenance & Trust
Maintenance Signals
Community Trust
Enable Abilities for MCP Alternatives
Notification for Telegram
notification-for-telegram
Sends notifications to Telegram users or groups, when some events occur in WordPress.
StifLi Flex MCP – AI Copilot, Chat Agent and MCP Server
stifli-flex-mcp
AI Copilot for the WordPress editor, AI Chat Agent for full site management & MCP server for external AI clients. OpenAI, Claude & Gemini.
Royal MCP
royal-mcp
The security-first MCP server for WordPress. Connect Claude, ChatGPT, and Gemini with API key auth, rate limiting, and activity logging.
Easy MCP AI
easy-mcp-ai
Connect Claude, ChatGPT & any MCP-compatible AI to WordPress — create, edit & manage content without the admin panel. 100+ built-in tools. 100% free.
WPRaiz Content API Tool
wpraiz-content-api-tool
REST API + MCP Server for WordPress. Create, update, and manage posts programmatically. AI content generation with your own API keys (BYOK).
Enable Abilities for MCP Developer Profile
1 plugin · 100 total installs
How We Detect Enable Abilities for MCP
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/enable-abilities-for-mcp/assets/js/admin.js/wp-content/plugins/enable-abilities-for-mcp/assets/css/admin.css/wp-content/plugins/enable-abilities-for-mcp/assets/js/admin.jsenable-abilities-for-mcp/assets/js/admin.js?ver=enable-abilities-for-mcp/assets/css/admin.css?ver=HTML / DOM Fingerprints
ewpa-admin-wrapperewpa-settings-sectionewpa-ability-toggleewpa-ability-labelewpa-ability-descriptionKEY MIGRATION (v1.7 → v1.9)Renames Spanish ability keys to English while preserving enabled/disabled
* state. Runs once on upgrade.ABILITIES REGISTRYCentral data structure defining all available abilities with metadata.
* Used by both the admin UI and the registration functions.data-ability-keydata-ability-enabledwindow.ewpaSettings/wp-json/ewpa/v1/abilities