MMCRA Toolkit Features

The EU Cyber Resilience Act, article by article

Regulation (EU) 2024/2847 — what each article means for someone shipping a commercial WordPress plugin into the EU market. Written without legalese. Updated as ENISA publishes harmonised standards.

Read More

SBOM generator

Generate a valid CycloneDX 1.6 Software Bill of Materials for your WordPress plugin in one click. MMCRA Toolkit reads your composer.lock and package-lock.json and emits PURLs, licenses, and supplier metadata — the dependency inventory CRA Annex II expects.

Read More

Plugin Scanner

Map your plugin's attack surface the way an auditor would: REST routes, AJAX handlers, capability checks, custom tables, outbound HTTP, and risk flags, written up as HTML and JSON for your CRA technical file.

Read More

Vulnerability Disclosure Policy

Draft and publish a vulnerability disclosure policy along ISO/IEC 29147 lines, with the [mmcra_vdp] shortcode and a rate-limited intake form. Give researchers the discoverable reporting channel CRA Article 13 requires — published from inside WordPress in minutes.

Read More

EU Declaration of Conformity

Produce a signed EU Declaration of Conformity for each plugin you ship, structured to CRA Annex V. MMCRA Toolkit fills in manufacturer identity, applied standards, and conformity route from your settings — export to HTML, print to PDF, sign, and file.

Read More

Vulnerability monitoring & incident reporting

Check every dependency in your plugin against OSV.dev — on demand in free, on a weekly cron with email alerts and AI triage in Pro. The ongoing vulnerability handling CRA Article 14 expects, running quietly inside your WordPress.

Read More