WP-Safety

MCP Tracker Security & Risk Analysis

wordpress.org/plugins/mcp-tracker

Records and displays MCP-related REST API requests made to your WordPress site.

10 active installs v1.0.0 PHP 7.4+ WP 6.9+ Updated Feb 12, 2026
debuggingdeveloper-toolsloggingmcprest-api
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is MCP Tracker Safe to Use in 2026?

Generally Safe

Score 100/100

MCP Tracker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The mcp-tracker plugin version 1.0.0 exhibits a strong security posture based on the provided static analysis. The absence of any identified attack surface entry points without authentication checks, coupled with 100% usage of prepared statements for SQL queries and proper output escaping, indicates diligent development practices concerning common web vulnerabilities. The plugin also demonstrates a clean vulnerability history with zero recorded CVEs, suggesting a stable and well-maintained codebase. There are no critical or high severity taint flows detected, further reinforcing its security. However, the complete absence of nonce checks, while not directly a vulnerability in this specific static analysis due to a lack of entry points, is a standard security measure that is often implemented to prevent CSRF attacks. Similarly, the presence of capability checks without associated entry points suggests either incomplete analysis or potential for future risk if entry points are added without proper authorization. Overall, the plugin appears secure for its current state, but vigilance regarding potential future additions to the attack surface and ensuring proper authorization checks are maintained is recommended.

Key Concerns

  • Missing nonce checks on potential future entry points
  • Capability checks present without entry points
Vulnerabilities
None known

MCP Tracker Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

MCP Tracker Release Timeline

v1.0.0Current
v0.0.1
Code Analysis
Analyzed Apr 16, 2026

MCP Tracker Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
0
23 escaped
Nonce Checks
0
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

100% escaped23 total outputs
Attack Surface

MCP Tracker Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actionadmin_menuincludes/admin/mcp-tracker-admin.php:14
actionadmin_enqueue_scriptsincludes/admin/mcp-tracker-admin.php:15
actionwp_abilities_api_categories_initincludes/classes/mcp-tracker-abilities.php:27
actionwp_abilities_api_initincludes/classes/mcp-tracker-abilities.php:30
actionmcp_adapter_initincludes/classes/mcp-tracker-abilities.php:33
filterrest_pre_dispatchincludes/classes/mcp-tracker-logger.php:25
filterrest_post_dispatchincludes/classes/mcp-tracker-logger.php:26
actionrest_api_initincludes/classes/mcp-tracker-rest.php:32
actionplugins_loadedincludes/init.php:34
Maintenance & Trust

MCP Tracker Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 12, 2026
PHP min version7.4
Downloads275

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

MCP Tracker Alternatives

Developer Loggers for Simple History

Developer Loggers for Simple History

developer-loggers-for-simple-history

A
99

Useful loggers for SimpleHistory for developers during development of a site or to maintain a live site.

400 1 CVE
Easy MCP AI

Easy MCP AI

easy-mcp-ai

A
100

Connect Claude, ChatGPT & any MCP-compatible AI to WordPress — create, edit & manage content without the admin panel. 100+ built-in tools. 100% free.

300 No CVEs
Enable Abilities for MCP

Enable Abilities for MCP

enable-abilities-for-mcp

A
100

Manage which WordPress Abilities are exposed to MCP servers. Supports WooCommerce, The Events Calendar, and any custom post type.

100 No CVEs
WPRaiz Content API Tool

WPRaiz Content API Tool

wpraiz-content-api-tool

A
100

REST API + MCP Server for WordPress. Create, update, and manage posts programmatically. AI content generation with your own API keys (BYOK).

60 No CVEs
REST API Route Tester

REST API Route Tester

rest-api-route-tester

A
100

A WordPress admin tool to quickly test REST API routes, path params, headers, body payloads, and copy requests as cURL.

40 No CVEs
Developer Profile

MCP Tracker Developer Profile

WPVibes

12 plugins · 201K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
159 days
View full developer profile
Detection Fingerprints

How We Detect MCP Tracker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mcp-tracker/assets/admin/css/app.css/wp-content/plugins/mcp-tracker/assets/admin/js/app.js
Script Paths
/wp-content/plugins/mcp-tracker/assets/admin/js/app.js
Version Parameters
/wp-content/plugins/mcp-tracker/assets/admin/js/app.js?ver=/wp-content/plugins/mcp-tracker/assets/admin/css/app.css?ver=

HTML / DOM Fingerprints

CSS Classes
wpvmcpt-app-root
Data Attributes
data-api-urldata-noncedata-site-urldata-admin-urldata-plugin-url
JS Globals
wpvmcpt
REST Endpoints
/wpvmcpt/v1/requests/wpvmcpt/v1/filters
FAQ

Frequently Asked Questions about MCP Tracker