WP-Safety

WPRaiz Content API Tool Security & Risk Analysis

wordpress.org/plugins/wpraiz-content-api-tool

REST API + MCP Server for WordPress. Create, update, and manage posts programmatically. AI content generation with your own API keys (BYOK).

60 active installs v2.0.2 PHP 7.4+ WP 5.0+ Updated Mar 17, 2026
ai-contentclaudecontent-automationmcprest-api
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WPRaiz Content API Tool Safe to Use in 2026?

Generally Safe

Score 100/100

WPRaiz Content API Tool has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The wpraiz-content-api-tool plugin version 2.0.0 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to output escaping best practices, with 99% of outputs properly handled. Furthermore, the absence of known CVEs and dangerous functions suggests a generally well-maintained codebase. However, several significant concerns emerge from the static analysis. The plugin exposes a considerable attack surface with 7 unprotected entry points across AJAX handlers and REST API routes. Crucially, all SQL queries are performed without the use of prepared statements, presenting a high risk of SQL injection vulnerabilities. The taint analysis reveals two flows with unsanitized paths, which, while not classified as critical or high severity in this analysis, warrant careful investigation due to their potential to be exploited. The lack of historical vulnerabilities, while seemingly positive, could also indicate a lack of rigorous security auditing or a history of not being a target, rather than a testament to inherent security. Overall, the plugin has strengths in output handling but weaknesses in input validation for SQL queries and the overall protection of its exposed endpoints.

Key Concerns

  • All SQL queries lack prepared statements
  • 2 flows with unsanitized paths found
  • 7 unprotected entry points (AJAX/REST)
Vulnerabilities
None known

WPRaiz Content API Tool Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WPRaiz Content API Tool Release Timeline

v2.0.2Current
v2.0.1
v2.0.0
v1.5.1
v1.5
v1.4
v1.3
Code Analysis
Analyzed Mar 16, 2026

WPRaiz Content API Tool Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
0 prepared
Unescaped Output
1
82 escaped
Nonce Checks
3
Capability Checks
5
File Operations
5
External Requests
9
Bundled Libraries
0

SQL Query Safety

0% prepared4 total queries

Output Escaping

99% escaped83 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
ajax_save_settings (includes\admin\class-admin-page.php:278)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

WPRaiz Content API Tool Attack Surface

Entry Points19
Unprotected7

AJAX Handlers 3

authwp_ajax_wpraiz_save_settingsincludes\admin\class-admin-page.php:14
authwp_ajax_wpraiz_activate_licenseincludes\admin\class-license.php:27
authwp_ajax_wpraiz_deactivate_licenseincludes\admin\class-license.php:28

REST API Routes 16

POST/wp-json/wpraiz/v2/generate-contentincludes\ai\class-ai-manager.php:17
POST/wp-json/wpraiz/v2/rewrite-postincludes\ai\class-ai-manager.php:24
POST/wp-json/wpraiz/v2/auth/tokenincludes\class-auth.php:19
POST/wp-json/wpraiz/v2/create-postincludes\class-content-manager.php:17
POST/wp-json/wpraiz/v2/create-postsincludes\class-content-manager.php:25
POST/wp-json/wpraiz/v2/update-postincludes\class-content-manager.php:32
GET/wp-json/wpraiz/v2/check-statusincludes\class-content-manager.php:39
POST/wp-json/api-post-creator/v1/create-postincludes\class-content-manager.php:46
GET/wp-json/api-post-creator/v1/check-statusincludes\class-content-manager.php:51
POST/wp-json/wpraiz/v2/quick-seo/(?P<post_id>\d+)includes\class-gutenberg-sidebar.php:29
GET/wp-json/wpraiz/v2/search-similarincludes\class-search-engine.php:17
GET/wp-json/wpraiz/v2/categoriesincludes\class-search-engine.php:41
GET/wp-json/api-post-creator/v1/search-similar-postsincludes\class-search-engine.php:48
GET/wp-json/api-post-creator/v1/get-categoriesincludes\class-search-engine.php:53
POST/wp-json/wpraiz-mcp/v1/mcpincludes\mcp\class-mcp-server.php:23
GET/wp-json/wpraiz-mcp/v1/sseincludes\mcp\class-mcp-server.php:30
WordPress Hooks 16
actionadmin_menuincludes\admin\class-admin-page.php:12
actionadmin_enqueue_scriptsincludes\admin\class-admin-page.php:13
actionwpraiz_revalidate_licenseincludes\admin\class-license.php:31
actionrest_api_initincludes\ai\class-ai-manager.php:12
filtercontent_save_preincludes\ai\class-ai-manager.php:278
actionrest_api_initincludes\class-auth.php:15
actionrest_api_initincludes\class-content-manager.php:12
filtercontent_save_preincludes\class-content-manager.php:147
filtercontent_save_preincludes\class-content-manager.php:310
actionenqueue_block_editor_assetsincludes\class-gutenberg-sidebar.php:20
actionrest_api_initincludes\class-gutenberg-sidebar.php:21
actionrest_api_initincludes\class-search-engine.php:12
actionwpraiz_fire_webhookincludes\class-webhooks.php:13
actioncli_initincludes\mcp\class-mcp-cli.php:126
actionrest_api_initincludes\mcp\class-mcp-server.php:18
actionplugins_loadedwpraiz-content.php:86

Scheduled Events 3

wpraiz_revalidate_license
wpraiz_fire_webhook
wpraiz_fire_webhook
Maintenance & Trust

WPRaiz Content API Tool Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedMar 17, 2026
PHP min version7.4
Downloads2K

Community Trust

Rating100/100
Number of ratings3
Active installs60
Alternatives

WPRaiz Content API Tool Alternatives

Royal MCP

Royal MCP

royal-mcp

A
99

The security-first MCP server for WordPress. Connect Claude, ChatGPT, and Gemini with API key auth, rate limiting, and activity logging.

500 1 CVE
Easy MCP AI

Easy MCP AI

easy-mcp-ai

A
100

Connect Claude, ChatGPT & any MCP-compatible AI to WordPress — create, edit & manage content without the admin panel. 100+ built-in tools. 100% free.

300 No CVEs
AI Workflow Automation

AI Workflow Automation

ai-workflow-automation-lite

B
78

Transform your WordPress site with AI-powered automation for content, customer support, data analysis, research, and business processes.

100 1 unpatched
Enable Abilities for MCP

Enable Abilities for MCP

enable-abilities-for-mcp

A
100

Manage which WordPress Abilities are exposed to MCP servers. Supports WooCommerce, The Events Calendar, and any custom post type.

100 No CVEs
AI Content Writer & Auto Post Generator for WordPress by RapidTextAI

AI Content Writer & Auto Post Generator for WordPress by RapidTextAI

ai-text-block

A
100

Generate AI-powered articles using GPT-4, GPT-5, Claude, DeepSeek & Grok with automatic images for WordPress.

70 No CVEs
Developer Profile

WPRaiz Content API Tool Developer Profile

José Ícaro - WPRaiz

1 plugin · 60 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WPRaiz Content API Tool

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpraiz-content-api-tool/assets/css/admin.css/wp-content/plugins/wpraiz-content-api-tool/assets/js/admin.js
Script Paths
/wp-content/plugins/wpraiz-content-api-tool/assets/js/admin.js
Version Parameters
wpraiz-content-api-tool/assets/css/admin.css?ver=wpraiz-content-api-tool/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpraiz-wrapwpraiz-headerwpraiz-versionwpraiz-pro-badgewpraiz-tabswpraiz-tabwpraiz-panelwpraiz-tier-pro+1 more
Data Attributes
data-tab
JS Globals
wpraizAdmin
REST Endpoints
/wpraiz/v2//wpraiz/v2/create-post/wpraiz/v2/update-post/wpraiz/v2/create-posts/wpraiz/v2/generate-content/wpraiz/v2/rewrite-post/wpraiz/v2/search-similar?title=/wpraiz/v2/categories/wpraiz/v2/check-status/wpraiz/v2/auth/token/wpraiz-mcp/v1/mcp
FAQ

Frequently Asked Questions about WPRaiz Content API Tool