SudoWP Radar
Security auditor for the WordPress Abilities API. Scans registered abilities for permission, schema, and exposure risks.
00
·0 active installs·Updated 1 week agoAs of April 2026, SudoWP Radar is a WordPress audit plugin with 0 active installations and a 0/5 rating0. It has been downloaded 62 times in total. Requires WordPress 6.9+ and PHP 8.1+. Available on WordPress.org since 2026. Actively maintained — updated within the last month. Top alternative: Audit Trail.
0/5Rating
0active installs
62total downloads
1 monthsince 2026
Overview
SudoWP Radar is a runtime security auditor for the WordPress 6.9 Abilities API. It scans every registered ability across all active plugins and themes, applying a rule engine that detects the vulnerability patterns most likely to be exploited in production.
What it audits:
- Open and weak permissions — abilities with no permission_callback, or one that allows any authenticated user through.
- Missing or loose input schemas — abilities that accept unconstrained string inputs, creating potential injection vectors for path traversal, SSRF, and similar attacks.
- REST overexposure — abilities marked show_in_rest with no or open permission control, accessible to unauthenticated callers.
- MCP overexposure — abilities marked meta.mcp.public = true with a weak or null permission…
Ratings & Reviews
00 reviews
5 ★
0
4 ★
0
3 ★
0
2 ★
0
1 ★
0
Compatibility
| WordPress | 6.9+ requiredTested up to 6.9.4 |
| PHP | 8.1+ required |
Top Alternatives to SudoWP Radar
Frequently Asked Questions
Changelog
1.0.1
- Security: Added filter output validation to ensure only Finding instances are processed.
- Hardening: Prefixed all constants from RADAR_* to SUDOWP_RADAR_* to prevent namespace collisions.
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.