A
WooCommerce MCP
MCP server for managing WooCommerce stores — products, orders, customers, coupons, shipping, taxes, webhooks, settings, and system administration
Overall Score94/100
Score Breakdown
Server Info
- Package
- @amitgurbani/mcp-server-woocommerce
- Registry
- npm
- Repository
- AmitGurbani/mcp-server-woocommerce
- Maintainer
- Community
- Category
- E-commerce
- Tags
- wordpressstoreorders
- Last Scanned
- 7 Apr 2026
Findings
3 issuesAuthentication & Identity
LOWImplements MCP OAuth spec for per-user authentication
Supports both stdio and HTTP transports (selected via MCP_TRANSPORT=http). WooCommerce API auth uses consumer key/secret env vars. HTTP transport supports two auth modes: (1) bearer token via MCP_AUTH_TOKEN, or (2) OAuth 2.1 via Auth0 with JWT validation using mcp-auth library. HTTP mode implements StreamableHTTPServerTransport with session management. Serves /.well-known/oauth-protected-resource for MCP client discovery. SSE supported via GET /mcp endpoint.
Remediation
Document the required OAuth scopes for each tool.
Tool Schema Quality
HIGHRequired fields missing on 1 write operations
Write tools without required field declarations: cleanup_orphaned_media.
Remediation
Add required arrays to all write/delete tool schemas.
Maintenance & Trust
LOWCommunity-maintained by Amit Gurbani
No official vendor backing.
Remediation
Seek vendor verification.
Tools
101 total| Name | Description | Risk |
|---|---|---|
| list_products | Search and filter the product catalog. Supports filtering by status, category, tag, type, price range, and search term. Use fields param to request only needed fields. | read |
| get_product | Get full details of a single product by ID. Returns more fields than list_products including description, tags, brands, and variations. Use fields param to request only needed fields. | read |
| create_product | Create a new WooCommerce product. For variable products, set type='variable' and include attributes array, then use create_variation to add variants. | write |
| update_product | Update an existing product. Only include fields you want to change. Note: setting images replaces all existing images. | write |
| delete_product | Delete a product. Moves to trash by default; set force=true to permanently delete. Does not delete associated media. | admin |
| list_variations | List all variations of a variable product with pricing, stock, and attribute details. | read |
| get_variation | Get full details of a single product variation. | read |
| create_variation | Create a variation for a variable product. Requires product_id and attributes to define the variation combination. | write |
| update_variation | Update a product variation. Only include fields you want to change. | write |
| batch_update_variations | Batch update multiple variations at once. Useful for bulk price changes or stock updates. | write |
| list_orders | Search and filter orders. Supports filtering by status, customer, date range, and search term. Use fields param to request only needed fields. | read |
| get_order | Get full details of a single order including billing, shipping, line items, and payment info. Use fields param to request only needed fields. | read |
| create_order | Create a new order. Requires line_items with product_id and quantity. Use variation_id for variable product variants. | write |
| update_order | Update an order. Commonly used to change status (e.g. pending -> processing -> completed). See get_order_totals for valid statuses. | write |
| delete_order | Delete an order. Moves to trash by default; set force=true to permanently delete. | admin |
| list_customers | Search and filter customers by name, email, or role. Returns order count and total spent per customer. Use fields param to request only needed fields. | read |
| get_customer | Get full customer details including billing and shipping addresses, order history stats. Use fields param to request only needed fields. | read |
| create_customer | Create a new customer account. Email is required and must be unique. Use fields param to request only needed fields. | write |
| update_customer | Update customer details such as name, email, or addresses. Only include fields you want to change. Use fields param to request only needed fields. | write |
| list_categories | List product categories with hierarchy (parent/child). Supports search and pagination. | read |
| get_category | Get full details of a product category. | read |
| create_category | Create a product category. Set parent to nest under an existing category. | write |
| update_category | Update a product category. | write |
| delete_category | Delete a product category. Products in this category are not deleted. | admin |
| list_tags | List product tags. Supports search and pagination. | read |
| get_tag | Get details of a product tag. | read |
| create_tag | Create a product tag. | write |
| update_tag | Update a product tag. | write |
| delete_tag | Delete a product tag. | admin |
| list_brands | List product brands. Supports search and pagination. | read |
| get_brand | Get details of a product brand. | read |
| create_brand | Create a product brand. | write |
| update_brand | Update a product brand. | write |
| delete_brand | Delete a product brand. | admin |
| list_attributes | List global product attributes (e.g. Color, Size). | read |
| get_attribute | Get details of a global product attribute. | read |
| create_attribute | Create a global product attribute (e.g. Color, Size). | write |
| delete_attribute | Delete a global product attribute and all its terms. | admin |
| list_attribute_terms | List terms (values) for a global product attribute. | read |
| create_attribute_term | Create a term (value) for a global product attribute. | write |
| delete_attribute_term | Delete a term from a global product attribute. | admin |
| batch_update_attribute_terms | Batch create, update, or delete attribute terms. | write |
| list_order_notes | List notes for an order (internal and customer-facing). | read |
| create_order_note | Add a note to an order. Set customer_note=true to make it visible to the customer. | write |
| delete_order_note | Delete a note from an order. | admin |
| list_order_refunds | List all refunds for an order. Shows refund amounts, reasons, and who processed them. Use fields param to request only needed fields. | read |
| create_order_refund | Create a refund for an order. Can refund full or partial amount. Set api_refund=true (default) to automatically refund via payment gateway, or false for manual refund. | write |
| delete_order_refund | Delete a refund record from an order. This removes the refund entry but does not reverse the payment — use with caution. | admin |
| list_coupons | List coupons with optional filtering by code or search term. | read |
| get_coupon | Get full details of a coupon. | read |
| create_coupon | Create a discount coupon with amount, type, usage limits, and product/category restrictions. | write |
| update_coupon | Update a coupon. Only include fields you want to change. | write |
| delete_coupon | Delete a coupon. Set force=true to permanently delete. | admin |
| list_product_reviews | List product reviews with optional filtering by product, status, or reviewer. | read |
| get_product_review | Get full details of a product review. | read |
| update_product_review | Update a product review (status, content, rating). | write |
| delete_product_review | Delete a product review. | admin |
| list_tax_classes | List all tax classes (e.g. Standard, Reduced Rate, Zero Rate). | read |
| create_tax_class | Create a new tax class. | write |
| delete_tax_class | Delete a tax class. Only empty classes (no rates) can be deleted. | admin |
| list_tax_rates | List tax rates with optional filtering by class. | read |
| get_tax_rate | Get full details of a tax rate. | read |
| create_tax_rate | Create a tax rate for a country/state with rate percentage and applicable tax class. | write |
| update_tax_rate | Update an existing tax rate. | write |
| delete_tax_rate | Delete a tax rate. | admin |
| list_shipping_zones | List all shipping zones. | read |
| get_shipping_zone | Get details of a shipping zone. | read |
| create_shipping_zone | Create a shipping zone with name and order priority. | write |
| update_shipping_zone | Update a shipping zone. | write |
| delete_shipping_zone | Delete a shipping zone and its methods. | admin |
| list_shipping_zone_methods | List shipping methods in a zone. | read |
| add_shipping_zone_method | Add a shipping method to a zone (flat_rate, free_shipping, local_pickup). | write |
| update_shipping_zone_method | Update a shipping method in a zone. | write |
| delete_shipping_zone_method | Delete a shipping method from a zone. | admin |
| list_shipping_classes | List shipping classes used to group products for shipping rate calculation. | read |
| create_shipping_class | Create a shipping class. | write |
| delete_shipping_class | Delete a shipping class. | admin |
| list_payment_gateways | List all available payment gateways and their status. | read |
| get_payment_gateway | Get details of a payment gateway including settings. | read |
| update_payment_gateway | Update a payment gateway (enable/disable, change settings). | admin |
| list_setting_groups | List all WooCommerce setting groups. Groups include: general, products, tax, shipping, checkout, account, email, advanced. Use group ID with get_settings to see options. | read |
| get_settings | Get all settings in a group. Common groups: 'general' (store address, currency), 'products' (measurements, reviews), 'tax' (tax options), 'shipping' (shipping options). | read |
| update_setting | Update a single setting value. Use get_settings first to find the setting ID and valid options. Example: group_id='general', setting_id='woocommerce_currency', value='INR'. | admin |
| list_webhooks | List webhooks. Webhooks send POST requests to a URL when store events occur (e.g. order.created, product.updated). | read |
| get_webhook | Get full details of a webhook by ID including secret and API version. | read |
| create_webhook | Create a webhook. Topic format: 'resource.event' (e.g. 'order.created', 'product.updated', 'coupon.deleted'). Resources: order, product, customer, coupon. Events: created, updated, deleted, restored. | write |
| update_webhook | Update a webhook. Use to change delivery URL, topic, status (pause/resume), or secret. | write |
| delete_webhook | Delete a webhook. Set force=true to permanently delete. | admin |
| get_system_status | Get WooCommerce system status including environment, database, active plugins, theme, settings, and security info. | read |
| list_system_tools | List available system tools (e.g. clear_transients, recount_terms, db_update_routine). These are maintenance utilities. | read |
| run_system_tool | Run a system maintenance tool. Common tools: clear_transients, clear_template_cache, recount_terms, db_update_routine, install_pages. | admin |
| get_sales_report | Get sales report with totals for a date range. | read |
| get_order_totals | Get order count by status. | read |
| get_product_totals | Get product count by type. | read |
| get_customer_totals | Get customer count by role. | read |
| get_top_sellers | Get top selling products for a date range. | read |
| list_countries | List all countries with states/provinces. | read |
| list_currencies | List all supported currencies with symbols and rates. | read |
| list_media | List media files (images) from the WordPress media library. | read |
| delete_media | Delete a media file from the WordPress media library. | admin |
| cleanup_orphaned_media | Find and optionally delete media files not referenced by any product. | admin |
Deploy WooCommerce MCP securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow