WP-Safety

ListenUp Security & Risk Analysis

wordpress.org/plugins/listenup

Add "read this to me" functionality to your WordPress posts using Murf.ai text-to-speech technology.

0 active installs v1.5.132 PHP 7.4+ WP 5.8+ Updated Unknown
accessibilityaudiotext-to-speechtts
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is ListenUp Safe to Use in 2026?

Generally Safe

Score 100/100

ListenUp has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "listenup" v1.5.132 plugin demonstrates generally good security practices, with a significant portion of its SQL queries utilizing prepared statements and a high percentage of properly escaped outputs. The absence of known CVEs in its history is a positive indicator of past security diligence. The plugin also implements a decent number of nonce and capability checks for its entry points.

However, the static analysis reveals a concerning pattern in the taint analysis, where all five analyzed flows showed unsanitized paths. While no critical or high severity issues were flagged directly by this, it indicates a potential for unexpected behavior or vulnerabilities if user-supplied data is not rigorously validated before being used in file operations or other sensitive contexts. The presence of bundled Guzzle library also raises a minor concern, as outdated bundled libraries can introduce security risks if not kept up-to-date.

Overall, the plugin is in a relatively secure state due to its proactive use of security measures like prepared statements and output escaping, and its clean vulnerability history. The primary area for improvement lies in reinforcing input sanitization, particularly for the identified taint flows, to mitigate potential risks. Addressing any outdated bundled libraries would further strengthen its security posture.

Key Concerns

  • Taint flows with unsanitized paths (5)
  • Bundled library (Guzzle)
Vulnerabilities
None known

ListenUp Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

ListenUp Code Analysis

Dangerous Functions
0
Raw SQL Queries
7
10 prepared
Unescaped Output
8
337 escaped
Nonce Checks
15
Capability Checks
12
File Operations
113
External Requests
8
Bundled Libraries
1

Bundled Libraries

Guzzle

SQL Query Safety

59% prepared17 total queries

Output Escaping

98% escaped345 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

5 flows5 with unsanitized paths
ajax_generate_preroll (src\Admin\Admin.php:1445)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

ListenUp Attack Surface

Entry Points21
Unprotected0

AJAX Handlers 19

authwp_ajax_listenup_clear_debug_logsrc\Admin\Admin.php:60
authwp_ajax_listenup_get_voicessrc\Admin\Admin.php:61
authwp_ajax_listenup_preview_voicesrc\Admin\Admin.php:62
authwp_ajax_listenup_generate_prerollsrc\Admin\Admin.php:63
authwp_ajax_listenup_save_prerollsrc\Admin\Admin.php:64
authwp_ajax_listenup_get_preroll_urlsrc\Admin\Admin.php:65
noprivwp_ajax_listenup_get_preroll_urlsrc\Admin\Admin.php:66
authwp_ajax_listenup_upload_to_cloudsrc\Admin\Admin.php:67
authwp_ajax_listenup_delete_audiosrc\Admin\Admin.php:68
authwp_ajax_listenup_add_pronunciationsrc\Admin\Admin.php:69
authwp_ajax_listenup_remove_pronunciationsrc\Admin\Admin.php:70
authwp_ajax_listenup_preview_pronunciationsrc\Admin\Admin.php:71
authwp_ajax_listenup_generate_audiosrc\Admin\MetaBox.php:64
authwp_ajax_listenup_download_wavsrc\Frontend\Frontend.php:67
noprivwp_ajax_listenup_download_wavsrc\Frontend\Frontend.php:68
authwp_ajax_listenup_serve_audiosrc\Frontend\Frontend.php:69
noprivwp_ajax_listenup_serve_audiosrc\Frontend\Frontend.php:70
authwp_ajax_listenup_get_audio_urlsrc\Frontend\Frontend.php:71
noprivwp_ajax_listenup_get_audio_urlsrc\Frontend\Frontend.php:72

Shortcodes 2

[listenup_library] src\Frontend\LibraryShortcode.php:51
[listenup] src\Frontend\Shortcode.php:60
WordPress Hooks 11
actioninitlistenup.php:88
actionadmin_menusrc\Admin\Admin.php:57
actionadmin_initsrc\Admin\Admin.php:58
actionadmin_enqueue_scriptssrc\Admin\Admin.php:59
actionadd_meta_boxessrc\Admin\MetaBox.php:63
actionadmin_enqueue_scriptssrc\Admin\MetaBox.php:65
actionbefore_delete_postsrc\Core\Cache.php:65
actionwp_enqueue_scriptssrc\Frontend\Frontend.php:65
filterthe_contentsrc\Frontend\Frontend.php:66
filterallowed_redirect_hostssrc\Frontend\Frontend.php:449
actionwp_enqueue_scriptssrc\Frontend\LibraryShortcode.php:52
Maintenance & Trust

ListenUp Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedUnknown
PHP min version7.4
Downloads226

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

ListenUp Alternatives

Text To Speech TTS Accessibility

Text To Speech TTS Accessibility

text-to-audio

A
99

Free text to speech with browser voices + premium AI voices from Google, OpenAI & ElevenLabs. Add an audio player to any WordPress post.

4K 1 CVE
GSpeech TTS – WordPress Text To Speech Plugin

GSpeech TTS – WordPress Text To Speech Plugin

gspeech

A
99

Free WordPress Text to Speech plugin with AI voices. Add an audio player to WordPress posts, pages and WooCommerce products to improve accessibility.

3K 1 CVE
Text to Speech (TTS) by Mementor

Text to Speech (TTS) by Mementor

text-to-speech-tts

A
100

Text to Speech plugin for WordPress with natural AI voices, accessibility features, and SEO benefits. Includes 10,000 free credits.

100 No CVEs
Ondoku – Text to Speech (TTS)

Ondoku – Text to Speech (TTS)

ondoku

A
100

Text to Speech (TTS) plugin. Automatically convert posts to MP3 audio. 音読さん - ブログ読み上げ・音声化プラグイン。

10 No CVEs
Brand Voice Generator

Brand Voice Generator

brand-voice-generator

A
100

Generate high-quality, brand-consistent voice-overs directly within WordPress.

0 No CVEs
Developer Profile

ListenUp Developer Profile

Adam Greenwell

5 plugins · 60 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect ListenUp

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/listenup/build/css/admin.css/wp-content/plugins/listenup/build/js/admin.js/wp-content/plugins/listenup/build/js/frontend.js/wp-content/plugins/listenup/build/js/editor.js/wp-content/plugins/listenup/build/css/editor.css
Script Paths
/wp-content/plugins/listenup/build/js/admin.js/wp-content/plugins/listenup/build/js/frontend.js/wp-content/plugins/listenup/build/js/editor.js
Version Parameters
listenup/build/css/admin.css?ver=listenup/build/js/admin.js?ver=listenup/build/js/frontend.js?ver=listenup/build/js/editor.js?ver=listenup/build/css/editor.css?ver=

HTML / DOM Fingerprints

CSS Classes
listenup-admin-wraplistenup-settings-fieldlistenup-voice-settingslistenup-audio-settingslistenup-preroll-settingslistenup-pronunciation-dictionarylistenup-debug-loglistenup-pronunciation-item+2 more
HTML Comments
<!-- Silence is golden. --><!-- ListenUp audio player --><!-- /ListenUp audio player --><!-- ListenUp pronunciation dictionary -->+5 more
Data Attributes
data-listenup-playerdata-listenup-voicedata-listenup-voice-styledata-listenup-audio-formatdata-listenup-auto-placementdata-listenup-placement-position+4 more
JS Globals
listenup_admin_paramslistenup_frontend_paramslistenup_editor_paramsListenUp
REST Endpoints
/wp-json/listenup/v1/pronunciations/wp-json/listenup/v1/settings/wp-json/listenup/v1/voices/wp-json/listenup/v1/preroll/wp-json/listenup/v1/debug-log/wp-json/listenup/v1/generate-audio/wp-json/listenup/v1/cloud-upload/wp-json/listenup/v1/delete-audio
Shortcode Output
[listenup_audio_player][listenup_library]
FAQ

Frequently Asked Questions about ListenUp