WP-Safety

Accessibility Audio TTS – Text To Speech for Articles Security & Risk Analysis

wordpress.org/plugins/accessibility-audio-tts-text-to-speech-for-articles

Accessibility-focused text-to-speech player for articles. Convert posts to high-quality audio

0 active installs v1.0.6 PHP 7.4+ WP 6.0+ Updated Apr 2, 2026
a11yaccessibilityaudioplayertext-to-speech
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Accessibility Audio TTS – Text To Speech for Articles Safe to Use in 2026?

Generally Safe

Score 100/100

Accessibility Audio TTS – Text To Speech for Articles has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "accessibility-audio-tts-text-to-speech-for-articles" plugin v1.0.6 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by consistently using prepared statements for SQL queries and a high percentage of properly escaped outputs. The complete absence of known CVEs and historically recorded vulnerabilities is also a significant strength, suggesting a generally stable and well-maintained codebase.

However, there are several concerning areas. The plugin exposes a substantial attack surface with 28 AJAX handlers, a significant portion of which (20) lack authentication checks. This is a critical oversight, potentially allowing unauthenticated users to trigger plugin functionalities. The taint analysis reveals 13 flows with unsanitized paths, two of which are categorized as high severity. This indicates potential vulnerabilities where untrusted input could lead to unintended or malicious actions. Furthermore, the use of dangerous functions like `preg_replace(/e)` (which can be vulnerable to code execution if used with user-supplied patterns) and `unserialize` (which can lead to remote code execution if processing untrusted data) raises red flags, even if current taint analysis doesn't show critical exploitation paths.

In conclusion, while the plugin benefits from a clean vulnerability history and sound database practices, the large number of unprotected AJAX endpoints and the presence of high-severity taint flows with unsanitized paths are significant weaknesses. The use of potentially dangerous functions warrants careful review and potential mitigation. Addressing these areas would greatly improve the plugin's overall security.

Key Concerns

  • 20 AJAX handlers without auth checks
  • 2 high severity taint flows with unsanitized paths
  • Use of dangerous function: preg_replace(/e)
  • Use of dangerous function: unserialize
Vulnerabilities
None known

Accessibility Audio TTS – Text To Speech for Articles Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Accessibility Audio TTS – Text To Speech for Articles Release Timeline

v1.0.6Current
Code Analysis
Analyzed Apr 16, 2026

Accessibility Audio TTS – Text To Speech for Articles Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
43 prepared
Unescaped Output
35
852 escaped
Nonce Checks
21
Capability Checks
25
File Operations
23
External Requests
10
Bundled Libraries
0

Dangerous Functions Found

preg_replace(/e)preg_replace( '/eadmin/view-renderer.php:498
set_time_limitset_time_limit( 360 ); // phpcs:ignore Squiz.PHP.DiscouragedFunctions.Discouraged -- Required for lofeatures/audio-generation/admin-audio-controller.php:90
unserialize$cache_data = unserialize( $data ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_infrastructure/cache/cache-manager.php:532

SQL Query Safety

100% prepared43 total queries

Output Escaping

96% escaped887 total outputs
Data Flows · Security
13 unsanitized

Data Flow Analysis

16 flows13 with unsanitized paths
ensure_upload_directory (features/storage/abstract-audio-file-handler.php:50)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
20 unprotected

Accessibility Audio TTS – Text To Speech for Articles Attack Surface

Entry Points28
Unprotected20

AJAX Handlers 28

authwp_ajax_accessibility_audio_tts_delete_audioadmin/admin-secure.php:154
authwp_ajax_accessibility_audio_tts_export_cost_dataadmin/admin-secure.php:157
authwp_ajax_accessibility_audio_tts_import_cost_dataadmin/admin-secure.php:158
authwp_ajax_accessibility_audio_tts_clear_asset_cacheadmin/asset-manager.php:120
authwp_ajax_accessibility_audio_tts_export_dataadmin/data-management/admin-data-ajax-handler.php:73
authwp_ajax_accessibility_audio_tts_import_dataadmin/data-management/admin-data-ajax-handler.php:76
authwp_ajax_accessibility_audio_tts_validate_importadmin/data-management/admin-data-ajax-handler.php:77
authwp_ajax_accessibility_audio_tts_repair_database_urlsadmin/data-management/admin-data-ajax-handler.php:80
authwp_ajax_accessibility_audio_tts_test_chatgpt_connectionadmin/data-management/chatgpt-ajax-handler.php:46
authwp_ajax_accessibility_audio_tts_clear_chatgpt_keyadmin/data-management/chatgpt-ajax-handler.php:49
authwp_ajax_accessibility_audio_tts_get_debug_logadmin/debug/debug-ajax-handler.php:56
authwp_ajax_accessibility_audio_tts_enable_debug_modeadmin/debug/debug-ajax-handler.php:57
authwp_ajax_accessibility_audio_tts_get_voicesadmin/settings/voice-ajax-handler.php:44
authwp_ajax_accessibility_audio_tts_update_voice_cacheadmin/settings/voice-ajax-handler.php:45
authwp_ajax_accessibility_audio_tts_get_cached_voicesadmin/settings/voice-ajax-handler.php:46
authwp_ajax_accessibility_audio_tts_generate_audiofeatures/audio-generation/audio-ajax-handler.php:68
noprivwp_ajax_accessibility_audio_tts_generate_audiofeatures/audio-generation/audio-ajax-handler.php:69
authwp_ajax_accessibility_audio_tts_process_single_postfeatures/audio-generation/audio-ajax-handler.php:70
authwp_ajax_accessibility_audio_tts_convert_to_audiofeatures/audio-generation/conversion-ajax-handler.php:61
authwp_ajax_accessibility_audio_tts_delete_audiofeatures/audio-generation/conversion-ajax-handler.php:62
authwp_ajax_accessibility_audio_tts_get_conversion_statsfeatures/audio-generation/conversion-ajax-handler.php:63
authwp_ajax_accessibility_audio_tts_track_listeningfeatures/tracking/listening-tracker-ajax.php:37
noprivwp_ajax_accessibility_audio_tts_track_listeningfeatures/tracking/listening-tracker-ajax.php:38
authwp_ajax_accessibility_audio_tts_get_post_statsfeatures/tracking/listening-tracker-ajax.php:40
noprivwp_ajax_accessibility_audio_tts_get_post_statsfeatures/tracking/listening-tracker-ajax.php:41
authwp_ajax_accessibility_audio_tts_get_cron_statusinfrastructure/cron/cron-ajax-handler.php:76
authwp_ajax_accessibility_audio_tts_trigger_cron_manuallyinfrastructure/cron/cron-ajax-handler.php:77
authwp_ajax_accessibility_audio_tts_get_generated_postsinfrastructure/cron/cron-ajax-handler.php:78
WordPress Hooks 85
actionadmin_noticesaccessibility-audio-tts-text-to-speech-for-articles.php:60
actionadmin_noticesaccessibility-audio-tts-text-to-speech-for-articles.php:129
actioninitaccessibility-audio-tts-text-to-speech-for-articles.php:243
actionadmin_initaccessibility-audio-tts-text-to-speech-for-articles.php:244
actionwpaccessibility-audio-tts-text-to-speech-for-articles.php:245
filterplugin_row_metaaccessibility-audio-tts-text-to-speech-for-articles.php:325
actionadmin_menuadmin/admin-hook-manager.php:53
actionadmin_enqueue_scriptsadmin/admin-hook-manager.php:54
actionadmin_initadmin/admin-hook-manager.php:55
actionaccessibility_audio_tts_process_background_postsadmin/admin-hook-manager.php:86
actionaccessibility_audio_tts_auto_trigger_cronadmin/admin-hook-manager.php:87
actionpublish_postadmin/admin-hook-manager.php:88
actionpublish_to_publishadmin/admin-hook-manager.php:89
actionaccessibility_audio_tts_process_queueadmin/admin-hook-manager.php:90
filtercron_schedulesadmin/admin-hook-manager.php:97
actionadmin_menuadmin/admin-secure.php:138
actionadmin_enqueue_scriptsadmin/admin-secure.php:151
actionaccessibility_audio_tts_process_background_postsadmin/admin-secure.php:161
actionaccessibility_audio_tts_execute_auto_triggeradmin/admin-secure.php:162
actionaccessibility_audio_tts_auto_schedule_post_conversionadmin/admin-secure.php:163
actionaccessibility_audio_tts_process_queueadmin/admin-secure.php:164
actionadmin_enqueue_scriptsadmin/asset-manager.php:109
actionwp_enqueue_scriptsadmin/asset-manager.php:110
actionwp_footeradmin/asset-manager.php:114
actionadmin_footeradmin/asset-manager.php:115
actioninitadmin/asset-manager.php:124
filteraccessibility_audio_tts_asset_contentadmin/asset-manager.php:132
filterscript_loader_tagadmin/frontend-asset-loader.php:102
actionadmin_enqueue_scriptsadmin/posts/generated-list-renderer.php:23
actionadd_meta_boxesadmin/posts/post-edit-meta-box.php:34
actionadmin_enqueue_scriptsadmin/posts/post-edit-meta-box.php:35
filtercron_schedulesadmin/settings/admin-performance-manager.php:112
filterscript_loader_tagadmin/simple-admin-asset-loader.php:524
actionadmin_enqueue_scriptsbootstrap/admin-bootstrap.php:100
actionadmin_noticesbootstrap/admin-bootstrap.php:384
actionadmin_noticesbootstrap/core-initializer.php:270
actionwp_enqueue_scriptsbootstrap/frontend-bootstrap.php:121
actionadmin_noticesbootstrap/frontend-bootstrap.php:339
actionadmin_noticesbootstrap/plugin.php:166
actionaccessibility_audio_tts_check_conversionsfeatures/audio-generation/conversion-manager.php:58
actionaccessibility_audio_tts_process_batchfeatures/audio-generation/conversion-manager.php:59
actionwp_enqueue_scriptsfeatures/audio-playback/player.php:61
filterthe_contentfeatures/audio-playback/player.php:62
filteraccessibility_audio_tts_text_fine_tuner_availablefeatures/text-correction/text-correction-initializer.php:26
filteraccessibility_audio_tts_apply_text_fine_tuningfeatures/text-correction/text-correction-initializer.php:29
actionwp_loadedinfrastructure/ajax/cors-manager.php:27
filtercron_schedulesinfrastructure/cron/admin-cron-manager.php:33
actionaccessibility_audio_tts_process_background_postsinfrastructure/cron/admin-cron-manager.php:86
actionaccessibility_audio_tts_auto_trigger_croninfrastructure/cron/admin-cron-manager.php:87
actionpublish_postinfrastructure/cron/admin-cron-manager.php:88
actionpublish_to_publishinfrastructure/cron/admin-cron-manager.php:89
actionaccessibility_audio_tts_process_queueinfrastructure/cron/admin-cron-manager.php:90
actionaccessibility_audio_tts_security_cleanupinfrastructure/cron/admin-cron-manager.php:91
filtercron_schedulesinfrastructure/cron/admin-cron-manager.php:93
actionaccessibility_audio_tts_process_queueinfrastructure/cron/cron-executor.php:27
actionaccessibility_audio_tts_process_background_postsinfrastructure/cron/cron-executor.php:30
actionaccessibility_audio_tts_security_cleanupinfrastructure/cron/cron-executor.php:33
filtercron_schedulesinfrastructure/cron/cron-manager.php:82
filtercron_schedulesinfrastructure/cron/cron-manager.php:138
actionaccessibility_audio_tts_cron_health_checkinfrastructure/cron/cron-manager.php:321
filterposts_pre_queryinfrastructure/database/database-optimizer.php:81
filterpre_get_postsinfrastructure/database/database-optimizer.php:82
actionshutdowninfrastructure/database/database-optimizer.php:86
actionwp_scheduled_deleteinfrastructure/database/database-optimizer.php:90
actionposts_selectioninfrastructure/database/database-optimizer.php:123
filterposts_pre_queryinfrastructure/performance-optimizer.php:100
filterpre_get_postsinfrastructure/performance-optimizer.php:101
actionwp_loadedinfrastructure/performance-optimizer.php:105
actionwp_enqueue_scriptsinfrastructure/performance-optimizer.php:108
actionadmin_enqueue_scriptsinfrastructure/performance-optimizer.php:109
actionwp_scheduled_deleteinfrastructure/performance-optimizer.php:112
actionshutdowninfrastructure/performance-optimizer.php:116
actionposts_selectioninfrastructure/performance-optimizer.php:177
actionrest_api_initinfrastructure/rest/rest-api.php:52
actionadmin_menushared/abstract-admin-controller.php:73
actionadmin_initshared/abstract-admin-controller.php:74
actionadmin_enqueue_scriptsshared/abstract-admin-controller.php:75
actionadmin_noticesshared/abstract-admin-controller.php:163
actionadmin_noticesshared/plugin-helpers.php:501
actionadmin_noticesshared/plugin-utils.php:87
actioninitshared/security-manager.php:50
actionwp_loadedshared/security-manager.php:51
filterwp_die_handlershared/security-manager.php:52
actionadmin_noticesshared/security-manager.php:84
actionadmin_noticesshared/security-manager.php:97

Scheduled Events 11

accessibility_audio_tts_process_queue
accessibility_audio_tts_process_background_posts
accessibility_audio_tts_process_background_posts
accessibility_audio_tts_process_background_posts
accessibility_audio_tts_process_batch
accessibility_audio_tts_process_background_posts
accessibility_audio_tts_process_background_posts
accessibility_audio_tts_process_queue
accessibility_audio_tts_security_cleanup
accessibility_audio_tts_cron_health_check
accessibility_audio_tts_generate_single
Maintenance & Trust

Accessibility Audio TTS – Text To Speech for Articles Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 2, 2026
PHP min version7.4
Downloads142

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

Accessibility Audio TTS – Text To Speech for Articles Alternatives

Colbass – a Read-Aloud player (Text to Speech) AI audio player

Colbass – a Read-Aloud player (Text to Speech) AI audio player

colbass-read-aloud-player

A
100

Enjoy the first month free! No commitment required, cancel anytime. A read-aloud player will be added to every article.

0 No CVEs
Podcast-Style Text to Speech – Hi, Moose

Podcast-Style Text to Speech – Hi, Moose

listen-to-this-article

A
100

Text to speech audio player for WordPress with podcast-style audio, visible transcripts, structured data, and read aloud playback.

0 No CVEs
Readivo – Text to Speech Audio Player

Readivo – Text to Speech Audio Player

readivo

A
100

Convert WordPress posts and pages into audio using a text-to-speech player. Let visitors listen to your articles with the Readivo audio player.

0 No CVEs
Text To Speech TTS Accessibility

Text To Speech TTS Accessibility

text-to-audio

A
99

Free text to speech with browser voices + premium AI voices from Google, OpenAI & ElevenLabs. Add an audio player to any WordPress post.

4K 1 CVE
GSpeech TTS – WordPress Text To Speech Plugin

GSpeech TTS – WordPress Text To Speech Plugin

gspeech

A
99

Free WordPress Text to Speech plugin with AI voices. Add an audio player to WordPress posts, pages and WooCommerce products to improve accessibility.

3K 1 CVE
Developer Profile

Accessibility Audio TTS – Text To Speech for Articles Developer Profile

App4You

2 plugins · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Accessibility Audio TTS – Text To Speech for Articles

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/css/admin-bar.css/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/css/audio-player.css/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/css/frontend.css/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/admin-bar.js/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/audio-player.js/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/frontend.js/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/settings.js/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/shortcode.js
Script Paths
/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/admin-bar.js/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/audio-player.js/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/frontend.js/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/settings.js/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/shortcode.js
Version Parameters
/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/css/admin-bar.css?ver=/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/css/audio-player.css?ver=/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/css/frontend.css?ver=/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/admin-bar.js?ver=/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/audio-player.js?ver=/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/frontend.js?ver=/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/settings.js?ver=/wp-content/plugins/accessibility-audio-tts-text-to-speech-for-articles/assets/js/shortcode.js?ver=

HTML / DOM Fingerprints

CSS Classes
aats-audio-playeraats-controlsaats-play-buttonaats-pause-buttonaats-stop-buttonaats-progress-baraats-volume-controlaats-settings-button+5 more
HTML Comments
<!-- Accessibility Audio TTS Plugin --><!-- Start Accessibility Audio TTS --><!-- End Accessibility Audio TTS --><!-- Accessibility Audio TTS Audio Player Container -->+1 more
Data Attributes
data-aats-playdata-aats-pausedata-aats-stopdata-aats-volumedata-aats-settingsdata-aats-voice+2 more
JS Globals
window.aats_player_settingswindow.accessibilityAudioTTS
REST Endpoints
/wp-json/accessibility-audio-tts/v1/speak/wp-json/accessibility-audio-tts/v1/settings
Shortcode Output
[aats_audio_player][aats_tts_trigger]
FAQ

Frequently Asked Questions about Accessibility Audio TTS – Text To Speech for Articles