Does WebMCP Bridge have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WebMCP Bridge compatible with WordPress 6.9.4?

According to WordPress.org data, WebMCP Bridge 1.3.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WebMCP Bridge compatible with PHP 8.0+?

WebMCP Bridge requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WebMCP Bridge updated?

WebMCP Bridge was last updated on Mar 24, 2026. Frequent updates are generally a positive security signal.

What is WebMCP Bridge's security score?

WebMCP Bridge has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WebMCP Bridge Security & Risk Analysis

wordpress.org/plugins/webmcp-bridge

Make your WordPress site natively AI-agent friendly via the WebMCP protocol — no backend server required.

10 active installs v1.3.1 PHP 8.0+ WP 6.0+ Updated Mar 24, 2026

aiai-agentmcpwebmcpwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WebMCP Bridge Safe to Use in 2026?

Generally Safe

Score 100/100

WebMCP Bridge has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "webmcp-bridge" plugin version 1.3.1 exhibits a strong security posture based on the provided static analysis. The absence of any identifiable attack surface, such as unprotected AJAX handlers, REST API routes, shortcodes, or cron events, is a significant strength. Furthermore, the code adheres to excellent security practices by utilizing prepared statements for all SQL queries, properly escaping all output, and implementing both nonce and capability checks where appropriate. The lack of dangerous function calls, file operations, or external HTTP requests further bolsters its security. The taint analysis showing zero flows, particularly with unsanitized paths or of critical/high severity, is also highly reassuring.

The vulnerability history further reinforces this positive assessment. With zero known CVEs, and no recorded vulnerabilities of any severity, this indicates a well-maintained and secure plugin. This history, combined with the robust static analysis findings, suggests that the developers have prioritized security throughout the development lifecycle.

In conclusion, "webmcp-bridge" v1.3.1 appears to be a very secure plugin. Its minimal attack surface and diligent implementation of security best practices, supported by a clean vulnerability history, make it a low-risk component. There are no identified weaknesses in the provided data that would warrant significant concern.

Vulnerabilities

None known

WebMCP Bridge Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WebMCP Bridge Release Timeline

v1.3.2

v1.3.1Current

v1.3.0

v1.2.0

Code Analysis

Analyzed Apr 16, 2026

WebMCP Bridge Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

190 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

100% escaped190 total outputs

Attack Surface

WebMCP Bridge Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 30

actionadmin_menuadmin/class-admin.php:17

actionadmin_initadmin/class-admin.php:18

actionadmin_enqueue_scriptsadmin/class-admin.php:19

actionrest_api_initincludes/class-rest-api.php:67

actionadmin_menutrunk/admin/class-admin.php:17

actionadmin_inittrunk/admin/class-admin.php:18

actionadmin_enqueue_scriptstrunk/admin/class-admin.php:19

actionrest_api_inittrunk/includes/class-rest-api.php:67

actionwp_enqueue_scriptstrunk/webmcp-bridge.php:57

actionplugins_loadedtrunk/webmcp-bridge.php:59

filterscript_loader_tagtrunk/webmcp-bridge.php:74

filterautoptimize_filter_js_excludetrunk/webmcp-bridge.php:109

filterrocket_exclude_jstrunk/webmcp-bridge.php:116

filterrocket_exclude_defer_jstrunk/webmcp-bridge.php:121

filterlitespeed_optimize_js_excludestrunk/webmcp-bridge.php:129

filterw3tc_minify_js_do_tag_minificationtrunk/webmcp-bridge.php:137

filtersgo_js_combine_excludetrunk/webmcp-bridge.php:145

filtersgo_javascript_combine_excludetrunk/webmcp-bridge.php:150

actionadmin_inittrunk/webmcp-bridge.php:163

actionwp_enqueue_scriptswebmcp-bridge.php:57

actionplugins_loadedwebmcp-bridge.php:59

filterscript_loader_tagwebmcp-bridge.php:74

filterautoptimize_filter_js_excludewebmcp-bridge.php:109

filterrocket_exclude_jswebmcp-bridge.php:116

filterrocket_exclude_defer_jswebmcp-bridge.php:121

filterlitespeed_optimize_js_excludeswebmcp-bridge.php:129

filterw3tc_minify_js_do_tag_minificationwebmcp-bridge.php:137

filtersgo_js_combine_excludewebmcp-bridge.php:145

filtersgo_javascript_combine_excludewebmcp-bridge.php:150

actionadmin_initwebmcp-bridge.php:163

Maintenance & Trust

WebMCP Bridge Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 24, 2026

PHP min version8.0

Downloads160

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WebMCP Bridge Alternatives

Universal Commerce Protocol (UCP) for WooCommerce

universal-commerce-protocol-ucp-for-woocommerce

100

Enable the Universal Commerce Protocol (UCP) for WooCommerce. Let AI agents discover, browse, and purchase products for your customers safely.

0 No CVEs

Notification for Telegram

notification-for-telegram

Sends notifications to Telegram users or groups, when some events occur in WordPress.

4K 4 CVEs

StifLi Flex MCP – AI Copilot, Chat Agent and MCP Server

stifli-flex-mcp

100

AI Copilot for the WordPress editor, AI Chat Agent for full site management & MCP server for external AI clients. OpenAI, Claude & Gemini.

900 No CVEs

Royal MCP

royal-mcp

The security-first MCP server for WordPress. Connect Claude, ChatGPT, and Gemini with API key auth, rate limiting, and activity logging.

500 1 CVE

StoreAgent – WooCommerce AI Chatbot & AI Content Tools

storeagent-ai-for-woocommerce

100

WooCommerce AI Chatbot for stores with built-in AI content tools. Generate product descriptions, answer customer questions & more with AI.

300 No CVEs

Developer Profile

WebMCP Bridge Developer Profile

Mescio

2 plugins · 30 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WebMCP Bridge

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/webmcp-bridge/assets/js/webmcp.js

Script Paths

/wp-content/plugins/webmcp-bridge/assets/js/webmcp.js

Version Parameters

webmcp-bridge/assets/js/webmcp.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-no-optimizedata-no-deferdata-cfasync

JS Globals

webmcpBridge

REST Endpoints

/wp-json/webmcp-bridge/v1

FAQ