WP-Safety

Post2Podcast Security & Risk Analysis

wordpress.org/plugins/post2podcast

Transform your WordPress blog posts into engaging podcast episodes with AI-powered two-speaker conversations.

0 active installs v1.3.12 PHP 7.4+ WP 5.0+ Updated Mar 9, 2026
aiaudiopodcasttext-to-speechtts
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Post2Podcast Safe to Use in 2026?

Generally Safe

Score 100/100

Post2Podcast has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "post2podcast" v1.3.12 plugin exhibits a generally strong security posture with several positive indicators. The absence of known CVEs, a high percentage of properly escaped output, and the complete use of prepared statements for all SQL queries are significant strengths. Furthermore, the plugin implements nonce and capability checks for all identified entry points, which is a crucial security measure. The fact that the plugin has no recorded vulnerabilities historically suggests a mature and well-maintained codebase. However, a notable concern is the presence of one REST API route without proper permission callbacks. This creates an unprotected entry point into the plugin's functionality, which could potentially be exploited if not carefully designed. The taint analysis, while showing a small number of flows, did not identify any critical or high severity issues, which is encouraging. Despite the single unprotected REST API route, the overall security of this plugin appears to be good, with a strong emphasis on best practices in its implementation. The potential risk from the unprotected REST API route is the primary area for improvement.

Key Concerns

  • REST API route without permission callbacks
Vulnerabilities
None known

Post2Podcast Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Post2Podcast Release Timeline

v1.3.12Current
v1.3.11
v1.3.9
v1.3.8
v1.3.7
v1.3.6
v1.3.5
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.11
v1.2.10
v1.2.8
v1.2.7
v1.2.6
v1.2.4
v1.2.3
v1.2.2
Code Analysis
Analyzed Apr 16, 2026

Post2Podcast Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
10
261 escaped
Nonce Checks
12
Capability Checks
13
File Operations
1
External Requests
5
Bundled Libraries
0

Output Escaping

96% escaped271 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
<class-post2podcast-admin> (includes/class-post2podcast-admin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Post2Podcast Attack Surface

Entry Points13
Unprotected1

AJAX Handlers 11

authwp_ajax_post2podcast_validate_keysincludes/class-post2podcast-admin.php:16
authwp_ajax_post2podcast_get_job_statusincludes/class-post2podcast-admin.php:17
authwp_ajax_post2podcast_get_audio_urlincludes/class-post2podcast-admin.php:18
authwp_ajax_post2podcast_bulk_delete_audioincludes/class-post2podcast-admin.php:19
authwp_ajax_post2podcast_delete_podcast_audioincludes/class-post2podcast-admin.php:20
authwp_ajax_post2podcast_detect_languageincludes/class-post2podcast-admin.php:21
authwp_ajax_post2podcast_get_credit_infoincludes/class-post2podcast-admin.php:22
authwp_ajax_post2podcast_bulk_start_generationincludes/class-post2podcast-admin.php:23
authwp_ajax_post2podcast_bulk_get_statusincludes/class-post2podcast-admin.php:24
authwp_ajax_post2podcast_start_audio_generationincludes/class-post2podcast-api.php:12
authwp_ajax_post2podcast_get_generation_statusincludes/class-post2podcast-api.php:13

REST API Routes 2

POST/wp-json/post2podcast/v1/update-subscriptionincludes/class-post2podcast.php:66
POST/wp-json/post2podcast/v1/update-subscriptionpost2podcast.php:42
WordPress Hooks 19
actionadmin_initincludes/class-post2podcast-admin.php:9
actionadmin_noticesincludes/class-post2podcast-admin.php:10
actionadmin_menuincludes/class-post2podcast-admin.php:11
actionadmin_initincludes/class-post2podcast-admin.php:12
actionadd_meta_boxesincludes/class-post2podcast-admin.php:13
actionsave_postincludes/class-post2podcast-admin.php:14
actionadmin_enqueue_scriptsincludes/class-post2podcast-admin.php:15
actionpost2podcast_initiate_generationincludes/class-post2podcast-api.php:14
filterthe_contentincludes/class-post2podcast.php:30
actionwp_enqueue_scriptsincludes/class-post2podcast.php:31
actionrest_api_initincludes/class-post2podcast.php:62
actionplugins_loadedincludes/upgrade.php:37
actionrest_api_initpost2podcast.php:41
actionpost2podcast_generate_podcast_cronpost2podcast.php:124
actionpublish_postpost2podcast.php:171
filtercron_schedulespost2podcast.php:179
actionwppost2podcast.php:188
actionpost2podcast_check_auto_generation_statuspost2podcast.php:195
actionplugins_loadedpost2podcast.php:226

Scheduled Events 3

post2podcast_initiate_generation
post2podcast_generate_podcast_cron
post2podcast_check_auto_generation_status
Maintenance & Trust

Post2Podcast Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMar 9, 2026
PHP min version7.4
Downloads815

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Post2Podcast Alternatives

BeyondWords – Text-to-Speech

BeyondWords – Text-to-Speech

speechkit

A
100

BeyondWords is the AI voice platform that brings frictionless audio publishing to newsrooms, writers, and businesses.

900 No CVEs
AI Text to Speech – TTS Plugin For WordPress

AI Text to Speech – TTS Plugin For WordPress

ai-text-to-speech

A
99

Easily generate a realistic audio version for your content and posts using OpenAI's Text to Speech API.

70 1 CVE
Simple Text to Speech

Simple Text to Speech

simple-text-to-speech

A
100

Easily generate audio version of your content using Google Cloud Text-to-Speech API.

10 No CVEs
Text To Speech TTS Accessibility

Text To Speech TTS Accessibility

text-to-audio

A
99

Free text to speech with browser voices + premium AI voices from Google, OpenAI & ElevenLabs. Add an audio player to any WordPress post.

4K 1 CVE
GSpeech TTS – WordPress Text To Speech Plugin

GSpeech TTS – WordPress Text To Speech Plugin

gspeech

A
99

Free WordPress Text to Speech plugin with AI voices. Add an audio player to WordPress posts, pages and WooCommerce products to improve accessibility.

3K 1 CVE
Developer Profile

Post2Podcast Developer Profile

Samuel Bezerra

2 plugins · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Post2Podcast

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post2podcast/admin/css/post2podcast-admin.css/wp-content/plugins/post2podcast/admin/js/post2podcast-admin.js/wp-content/plugins/post2podcast/public/css/post2podcast-public.css/wp-content/plugins/post2podcast/public/js/post2podcast-public.js
Script Paths
/wp-content/plugins/post2podcast/admin/js/post2podcast-admin.js/wp-content/plugins/post2podcast/public/js/post2podcast-public.js
Version Parameters
post2podcast/style.css?ver=post2podcast/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
post2podcast-wrappost2podcast-generate-buttonpost2podcast-generation-settings
HTML Comments
<!-- Post2Podcast Auto-Generation Settings --><!-- Post2Podcast Admin Settings --><!-- Post2Podcast Public Settings -->
Data Attributes
data-post2podcast-post-iddata-post2podcast-user-iddata-post2podcast-nonce
JS Globals
post2podcast_admin_paramspost2podcast_public_params
REST Endpoints
/wp-json/post2podcast/v1/update-subscription
Shortcode Output
[post2podcast_generate_button][post2podcast_generation_settings][post2podcast_public_content]
FAQ

Frequently Asked Questions about Post2Podcast