WP-Safety

Ondoku – Text to Speech (TTS) Security & Risk Analysis

wordpress.org/plugins/ondoku

Text to Speech (TTS) plugin. Automatically convert posts to MP3 audio. 音読さん - ブログ読み上げ・音声化プラグイン。

10 active installs v1.0.28 PHP 8.0+ WP 5.1+ Updated Mar 13, 2026
accessibilityaudioread-aloudtext-to-speechtts
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Ondoku – Text to Speech (TTS) Safe to Use in 2026?

Generally Safe

Score 100/100

Ondoku – Text to Speech (TTS) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 21d ago
Risk Assessment

The "ondoku" v1.0.28 plugin exhibits a generally good security posture based on the provided static analysis. It has no known vulnerabilities in its history and no critical or high severity taint flows were detected. The plugin demonstrates good coding practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output. It also implements nonce and capability checks on its entry points.

However, there are a few areas that warrant attention. The presence of file operations and external HTTP requests, while not inherently insecure, could introduce vulnerabilities if not handled with extreme care. The limited number of entry points and the absence of unprotected ones are positive signs, but the potential for issues in how these operations are managed still exists. The vulnerability history being clean is a strong positive, suggesting the developers are either very diligent or the plugin has not been a target, but this doesn't negate the need for continued vigilance on existing code.

Key Concerns

  • Potential risk in file operations
  • Potential risk in external HTTP requests
  • Moderate risk from unescaped output (16% is unescaped)
Vulnerabilities
None known

Ondoku – Text to Speech (TTS) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Ondoku – Text to Speech (TTS) Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
10
54 escaped
Nonce Checks
2
Capability Checks
1
File Operations
6
External Requests
4
Bundled Libraries
0

Output Escaping

84% escaped64 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
setting_save (classes\setting.php:165)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Ondoku – Text to Speech (TTS) Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_ondoku_test_speechclasses\setting.php:9
WordPress Hooks 14
actioninitclasses\core.php:5
actionplugins_loadedclasses\core.php:6
actionadmin_noticesclasses\core.php:8
actionadmin_initclasses\core.php:14
actionsave_postclasses\hooks.php:5
actiontransition_post_statusclasses\hooks.php:6
actionadmin_noticesclasses\hooks.php:7
filterthe_contentclasses\hooks.php:8
actionwp_headclasses\hooks.php:9
filterredirect_post_locationclasses\hooks.php:160
filterredirect_post_locationclasses\hooks.php:172
filterredirect_post_locationclasses\hooks.php:269
actionadmin_menuclasses\setting.php:7
actionadmin_initclasses\setting.php:8
Maintenance & Trust

Ondoku – Text to Speech (TTS) Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMar 13, 2026
PHP min version8.0
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Ondoku – Text to Speech (TTS) Alternatives

Text To Speech TTS Accessibility

Text To Speech TTS Accessibility

text-to-audio

A
99

Free text to speech with browser voices + premium AI voices from Google, OpenAI & ElevenLabs. Add an audio player to any WordPress post.

4K 1 CVE
GSpeech TTS – WordPress Text To Speech Plugin

GSpeech TTS – WordPress Text To Speech Plugin

gspeech

A
99

Free WordPress Text to Speech plugin with AI voices. Add an audio player to WordPress posts, pages and WooCommerce products to improve accessibility.

3K 1 CVE
Text to Speech (TTS) by Mementor

Text to Speech (TTS) by Mementor

text-to-speech-tts

A
100

Text to Speech plugin for WordPress with natural AI voices, accessibility features, and SEO benefits. Includes 10,000 free credits.

100 No CVEs
Brand Voice Generator

Brand Voice Generator

brand-voice-generator

A
100

Generate high-quality, brand-consistent voice-overs directly within WordPress.

0 No CVEs
Listen to This Article as a Podcast – AI Text to Speech Audio Player

Listen to This Article as a Podcast – AI Text to Speech Audio Player

listen-to-this-article

A
100

Text to speech audio player for WordPress. Add a “read aloud” or “listen to this article” podcast-style player with transcripts and structured data.

0 No CVEs
Developer Profile

Ondoku – Text to Speech (TTS) Developer Profile

ondoku3

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Ondoku – Text to Speech (TTS)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ondoku/ondoku.css/wp-content/plugins/ondoku/ondoku.js
Script Paths
/wp-content/plugins/ondoku/ondoku.js
Version Parameters
ondoku/ondoku.css?ver=ondoku/ondoku.js?ver=

HTML / DOM Fingerprints

CSS Classes
ondoku-audio-player
Data Attributes
data-ondoku-token
JS Globals
ondoku_playerondoku_play_pauseondoku_stop
FAQ

Frequently Asked Questions about Ondoku – Text to Speech (TTS)