StifLi Flex MCP – MCP Server with undo for ChatGPT, Claude & Gemini

The most secure MCP Server for WordPress with Undo, plus AI Copilot & Chat Agent. ChatGPT, Claude, Gemini, OpenRouter & Mistral.

v3.3.9EstebanUpdated 11 days agoAdded 7 months ago1k+ installs100% rating100% support resolved

ChatGPT Claude WooCommerce AI copilot mcp

Score

Errors

111

Warnings

Change

Category Scores

Security0

Repo100

Performance100

Maintainability77

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

118 findings

Security

8 issue groups

Maintainability

9 issue groups

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable {$auto_table} at \t\t\t LEFT JOIN {$auto_table} a ON l.automation_id = a.id \r\n37

Category: Security
Occurrences: 37
Severity: warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable {$auto_table} at \t\t\t LEFT JOIN {$auto_table} a ON l.automation_id = a.id \r\n

WordPress.DB.PreparedSQL.InterpolatedNotPrepared

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.17

Category: Security
Occurrences: 17
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

WARNINGMaintainabilityslow db query meta keyDetected usage of meta_key, possible slow query.13

Category: Maintainability
Occurrences: 13
Severity: warning

Sample message

Detected usage of meta_key, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_key

WARNINGMaintainabilityslow db query meta valueDetected usage of meta_value, possible slow query.9

Category: Maintainability
Occurrences: 9
Severity: warning

Sample message

Detected usage of meta_value, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_value

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.6

Category: Security
Occurrences: 6
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['sflmcp_gsc_message']6

Category: Security
Occurrences: 6
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['sflmcp_gsc_message']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.5

Category: Maintainability
Occurrences: 5
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().5

Category: Maintainability
Occurrences: 5
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

WARNINGSecurityUnfinished PrepareReplacement variables found, but no valid placeholders found in the query.5

Category: Security
Occurrences: 5
Severity: warning

Sample message

Replacement variables found, but no valid placeholders found in the query.

WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare

ERRORMaintainabilitywp function not compatible with requires wpFunction "str_ends_with()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.8.0.5

Category: Maintainability
Occurrences: 5
Severity: error

Sample message

Function "str_ends_with()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.8.0.

wp_function_not_compatible_with_requires_wp Reference

Show 7 more

WARNINGMaintainabilitySchema Change4

Category: Maintainability
Occurrences: 4
Severity: warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange

WARNINGMaintainabilityABSPATHDetected1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Writing files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files.

PluginCheck.CodeAnalysis.WriteFile.ABSPATHDetected

WARNINGSecurityDatabase parameter is not escaped1

Category: Security
Occurrences: 1
Severity: warning

Sample message

Unescaped parameter $profiles_table used in $wpdb->get_var()\n$profiles_table assigned unsafely at line 2039.

PluginCheck.Security.DirectDB.UnescapedDBParameter

ERRORSecurityDatabase parameter is not escaped1

Category: Security
Occurrences: 1
Severity: error

Sample message

Unescaped parameter $query used in $wpdb->query()\n$query assigned unsafely at line 341.

PluginCheck.Security.DirectDB.UnescapedDBParameter

ERRORSecuritySQL query is not prepared1

Category: Security
Occurrences: 1
Severity: error

Sample message

Use placeholders and $wpdb->prepare(); found $query

WordPress.DB.PreparedSQL.NotPrepared

WARNINGMaintainabilityslow db query meta query1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Detected usage of meta_query, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_query

WARNINGMaintainabilityslow db query tax query1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Detected usage of tax_query, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_tax_query

External Connections

Potential connections found in static code analysis.

24 domains

Outbound calls

External assets

Incoming endpoints

Notable Domains

api.openai.com7 · outbound

generativelanguage.googleapis.com6 · outbound

googleapis.com4 · outbound

hook.eu1.make.com3 · outbound

hooks.zapier.com2 · outbound

ipapi.co2 · outbound

Platform / Reference Domains

github.com2 · platform/reference

make.wordpress.org2 · platform/reference

developer.wordpress.org1 · platform/reference

gnu.org1 · platform/reference

w3.org1 · platform/reference

wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints84

admin_post_sflmcp_gsc_oauth_callbackauthenticated

admin_post

admin_post_sflmcp_gsc_oauth_startauthenticated

admin_post

wp_ajax_sflmcp_apply_profileauthenticated

wp_ajax

wp_ajax_sflmcp_automation_delete_taskauthenticated

wp_ajax

wp_ajax_sflmcp_automation_get_logsauthenticated

wp_ajax

wp_ajax_sflmcp_automation_get_tasksauthenticated

wp_ajax

wp_ajax_sflmcp_automation_get_templatesauthenticated

wp_ajax

wp_ajax_sflmcp_automation_run_taskauthenticated

wp_ajax

wp_ajax_sflmcp_automation_save_taskauthenticated

wp_ajax

wp_ajax_sflmcp_automation_test_promptauthenticated

wp_ajax

wp_ajax_sflmcp_automation_test_startauthenticated

wp_ajax

wp_ajax_sflmcp_automation_test_stepauthenticated

wp_ajax

72 more hidden

Score History

First score snapshot

2 days ago

v3.3.9

Latest

Findings: 118
Errors: 7
Warnings: 111
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
2 days agoLatest	40	118	7	111	v3.3.9	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Loading map

PluginAuthorCategoryIssueDomainRelated

Relationship links

Issue

Domain

10k+ active installs

100

AI Share & Summarize

1k+ active installs

100

Easy MCP AI – Connector for Claude, ChatGPT & SEO Data

2k+ active installs

100

VigIA – AI Visibility, Analytics & Control

1k+ active installs

100

AutoPen – AI Content Writer

400 active installs

Block AI Crawlers

1k+ active installs

StifLi Flex MCP – MCP Server with undo for ChatGPT, Claude & Gemini

Category Scores

Issues to Review

External Connections

Notable Domains

Platform / Reference Domains

External Asset Domains

Incoming Endpoints

Score History

Relationship Map

Plugin

Author

Category

Issue

Domain

Related

Plugin

Author

Category

Issue

Domain

Related

Related Plugins