The development of this version has cost 1,650 euros. The accumulated cost for this year is 9,690 euros. The accumulated cost since the first version is 9,690 euros, but the cost for you is only the license of 30€.
New version 2.4.x of the plugin MCP Content Manager Premium for WordPress and WooCommerce. This version introduces a complete role and capability manager and an anti prompt-injection human confirmation system to protect high-risk operations.
Versions of the branch
2.4.0
Role and Capability Manager
- New: Role and Capability Manager — complete CRUD for WordPress roles and capabilities via MCP.
- New: MCM_Role_Manager — completely static class with CRUD, catalog, validation, auditing, and event emission.
- New: mcm/list-roles — lists all roles with optional capability details and user count.
- New: mcm/get-capabilities-catalog — explore ~45 core capabilities + ~12 from WooCommerce + 3 from MCM + dynamic third-party capabilities.
- New: mcm/create-role — create custom roles with optional clone_from to inherit from existing roles.
- New: mcm/update-role — modify the role name, add or remove capabilities.
- New: mcm/delete-role — delete custom roles with mandatory user reassignment.
- New: mcm/compare-roles — side-by-side capability comparison matrix with summary of common/unique.
- New: mcm/assign-role — assign role to user by ID, login, or email with security measures.
- New: mcm/audit-user-capabilities — complete audit of a user's effective capabilities with alerts.
- New: Roles settings tab in administration (Settings > MCP Content Manager Premium > Roles).
- New: MCM_Admin_Roles — administration interface class for the Roles tab with rendering and process_save.
Role Security Protections
- New: Administrator role assignment toggle — disabled by default, must be enabled in settings to allow assigning the administrator role via MCP.
- New: Administrator demotion toggle — disabled by default, must be enabled in settings to allow demoting administrators via MCP.
- New: Dangerous capabilities block list — 32 capabilities blocked by default at 3 risk levels (CRITICAL, HIGH, MULTISITE). Administrators can enable them individually from the Roles tab.
- New: Single administrator protection — always active regardless of settings, the site can never be left without at least one administrator.
- New: Privilege escalation prevention — capabilities cannot be granted that one does not possess.
- New: Reserved capabilities — mcm_agent_execute reserved for future use of autonomous agents.
- New: Protected roles — core WordPress roles (administrator, editor, author, contributor, subscriber) and WooCommerce roles (customer, shop_manager) cannot be deleted.
- New: The Administrator role is unmodifiable — prevents accidental lockouts by modifying the role.
- New: Capability dependency verification — alerts when granting capabilities without their dependencies.
- New: Dangerous capability alerts — flags high-risk capabilities (unfiltered_html, edit_files, etc.) during role creation/modification.
- New: Event emission via do_action('mcm_ability_executed') for audit trails and automation.
Role Manager Fixes
- Fixed: The clone_from parameter in mcm/create-role now works correctly (removed required capabilities from input_schema).
- Fixed: mcm/compare-roles with fewer than 2 roles now returns a friendly error message (removed minItems from input_schema).
- Fixed: mcm/assign-role now blocks demotion of administrators without explicit confirmation (requires confirm_demotion=true).
Human Confirmation System (Anti Prompt-Injection)
- New: Out-of-band human confirmation for ~30 high-risk skills — architectural defense against indirect prompt injection attacks.
- New: MCM_Confirmation — completely static engine: challenge creation, token validation, HMAC integrity verification, and confirmed execution.
- New: MCM_Confirmation_DB — database layer with custom table {prefix}mcm_pending_confirmations, atomic state transitions (pending -> confirmed -> executed).
- New: Independent confirmation page via REST endpoint (/wp-json/mcm-auth/v1/confirm) — card-like interface similar to OAuth authorization pages, without dependency on wp-admin.
- New: Confirmations tab in administration (Settings > MCP Content Manager Premium > Confirmations) — table of pending actions and recent history with status indicators.
- New: Sentinel confirmation system — independent out-of-band confirmation for destructive sentinel skills using capability URLs and storage in wp_options.
- New: HMAC integrity on stored confirmation parameters — hash_hmac('sha256', params, AUTH_KEY) prevents manipulation in the database.
- New: Automatic cleanup via Action Scheduler every 12 hours — removes expired + executed/canceled pending items older than 30 days.
- New: The list of high-risk skills is hardcoded and NOT configurable — prevents attackers from disabling protections via prompt injection.
- New: Pre-validation for impossible operations — protected roles and unmodifiable roles are rejected before creating confirmation challenges.
- New: The challenge response format includes token, confirmation URL, human-readable summary, expiration time, and instructions for the AI agent.
- New: Atomic confirmation — UPDATE WHERE status='pending' AND expires_at > NOW() prevents double execution race conditions.
- New: Content wrapping method (wrap_content) with nonce markers per request for untrusted content limits.
- Security: More than 30 skills now require human confirmation: user management, role management, option changes, database operations, cache/core cleanup, snapshot restoration/deletion, applying/reverting security, installing plugins/themes, writing/replacing files, and more.
You can acquire the license for MCP Content Manager Premium on the product page.
