analyze_wordpress_security

Analyze WordPress code for security vulnerabilities including OWASP Top 10 risks, SQL injection, and WordPress-specific security issues in plugins, themes, and core implementations.

Instructions

Comprehensive WordPress security analysis for plugins, themes, and core implementations with OWASP and WordPress-specific vulnerability detection

WORKFLOW: Perfect for understanding complex code, identifying issues, and technical debt assessment TIP: Use Desktop Commander to read files, then pass content here for analysis SAVES: Claude context for strategic decisions

Input Schema

Name	Required	Description	Default
`analysisDepth`	No	Level of security analysis detail	detailed
`analysisType`	No	Type of security analysis to perform	comprehensive
`auditDatabaseQueries`	No	Audit database queries for SQL injection vulnerabilities
`checkCapabilities`	No	Analyze WordPress capability and role management
`code`	No	The WordPress code to analyze (for single-file analysis)
`filePath`	No	Path to single WordPress file to analyze
`files`	No	Array of specific file paths (for multi-file analysis)
`includeOwaspTop10`	No	Include OWASP Top 10 vulnerability checks
`maxDepth`	No	Maximum directory depth for multi-file discovery (1-5)
`projectPath`	No	Path to WordPress plugin/theme root (for multi-file analysis)
`wpType`	No	WordPress component type	plugin
`wpVersion`	No	Target WordPress version for compatibility checks	6.4

Input Schema (JSON Schema)

{
  "properties": {
    "analysisDepth": {
      "default": "detailed",
      "description": "Level of security analysis detail",
      "enum": [
        "basic",
        "detailed",
        "comprehensive"
      ],
      "type": "string"
    },
    "analysisType": {
      "default": "comprehensive",
      "description": "Type of security analysis to perform",
      "enum": [
        "owasp",
        "wordpress",
        "comprehensive"
      ],
      "type": "string"
    },
    "auditDatabaseQueries": {
      "default": true,
      "description": "Audit database queries for SQL injection vulnerabilities",
      "type": "boolean"
    },
    "checkCapabilities": {
      "default": true,
      "description": "Analyze WordPress capability and role management",
      "type": "boolean"
    },
    "code": {
      "description": "The WordPress code to analyze (for single-file analysis)",
      "type": "string"
    },
    "filePath": {
      "description": "Path to single WordPress file to analyze",
      "type": "string"
    },
    "files": {
      "description": "Array of specific file paths (for multi-file analysis)",
      "type": "array"
    },
    "includeOwaspTop10": {
      "default": true,
      "description": "Include OWASP Top 10 vulnerability checks",
      "type": "boolean"
    },
    "maxDepth": {
      "default": 3,
      "description": "Maximum directory depth for multi-file discovery (1-5)",
      "type": "number"
    },
    "projectPath": {
      "description": "Path to WordPress plugin/theme root (for multi-file analysis)",
      "type": "string"
    },
    "wpType": {
      "default": "plugin",
      "description": "WordPress component type",
      "enum": [
        "plugin",
        "theme",
        "core",
        "mu-plugin",
        "dropin"
      ],
      "type": "string"
    },
    "wpVersion": {
      "default": "6.4",
      "description": "Target WordPress version for compatibility checks",
      "type": "string"
    }
  },
  "required": [],
  "type": "object"
}

Houtini-lm