Real Voice – Text to Speech Security & Risk Analysis

wordpress.org/plugins/real-voice

Real Voice is a text-to-speech plugin for WordPress that supports the Web Speech API, Google Text-to-Speech AI, and Azure Text to Speech.

300 active installs · v1.14 · PHP 7.4+ · WP 5.0+ · Updated May 6, 2025
Tags: audio, speech, text-to-audio, text-to-speech, tts
Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Real Voice – Text to Speech Safe to Use in 2026?

Generally Safe

Score 100/100

Real Voice – Text to Speech has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11mo ago
Risk Assessment

The Real Voice plugin v1.14 exhibits a generally strong security posture, with several indicators of good development practice. The absence of known CVEs and a clean vulnerability history suggest a commitment to security by the developers. The plugin also keeps good control over its entry points: none of its REST API routes is flagged as unprotected, and it has no AJAX handlers or shortcodes that could be exploited without proper authentication. Furthermore, the extensive use of output escaping and nonce checks indicates a focus on preventing common web vulnerabilities.

However, a couple of areas warrant attention. The taint analysis revealed two flows with unsanitized paths. While these are not categorized as critical or high severity, they still represent a potential avenue for attackers to manipulate file operations or external requests. Additionally, file operations and external HTTP requests, even if limited, are inherently riskier than static code. Most SQL queries use prepared statements, but the remaining raw queries could be a minor concern.

In conclusion, Real Voice v1.14 is largely secure, with strengths in its limited attack surface, robust authentication checks, and effective output sanitization. The main weaknesses lie in the two identified unsanitized path flows, which, while not critical, should be investigated and remediated to further harden the plugin's security.

Key Concerns

  • Unsanitized paths in taint analysis flows
  • File operations present
  • External HTTP requests present
  • SQL queries not always prepared
Vulnerabilities
None known

Real Voice – Text to Speech Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Real Voice – Text to Speech Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 9 (13 prepared)
  • Unescaped Output: 13 (348 escaped)
  • Nonce Checks: 5
  • Capability Checks: 10
  • File Operations: 1
  • External Requests: 2
  • Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

59% prepared · 22 total queries

Output Escaping

96% escaped · 361 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
display_crud_menu (admin\inc\menu\class-daextrevo-menu-elements.php:1336)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

Real Voice – Text to Speech Attack Surface

Entry Points: 5
Unprotected: 0

REST API Routes: 5

POST  /wp-json/real-voice/v1/create-audio-file/  inc\class-daextrevo-rest.php:83
POST  /wp-json/real-voice/v1/delete-audio-file/  inc\class-daextrevo-rest.php:94
POST  /wp-json/real-voice/v1/read-options/  inc\class-daextrevo-rest.php:105
POST  /wp-json/real-voice/v1/options  inc\class-daextrevo-rest.php:116
POST  /wp-json/real-voice/v1/requests/  inc\class-daextrevo-rest.php:127

WordPress Hooks: 22

action  admin_enqueue_scripts  admin\class-daextrevo-admin.php:84
action  admin_enqueue_scripts  admin\class-daextrevo-admin.php:85
action  admin_menu  admin\class-daextrevo-admin.php:88
action  add_meta_boxes  admin\class-daextrevo-admin.php:91
action  save_post  admin\class-daextrevo-admin.php:97
action  wpmu_new_blog  admin\class-daextrevo-admin.php:100
action  delete_blog  admin\class-daextrevo-admin.php:103
action  init  admin\class-daextrevo-admin.php:106
action  admin_init  admin\inc\menu\class-daextrevo-menu-elements.php:125
action  admin_init  admin\inc\menu\class-daextrevo-menu-elements.php:126
action  admin_init  admin\inc\menu\class-daextrevo-menu-elements.php:127
action  admin_init  admin\inc\menu\class-daextrevo-menu-elements.php:131
action  init  blocks\src\init.php:14
action  enqueue_block_editor_assets  blocks\src\init.php:37
action  init  blocks\src\init.php:153
action  rest_api_init  inc\class-daextrevo-rest.php:58
action  plugins_loaded  init.php:33
action  plugins_loaded  init.php:41
action  plugins_loaded  init.php:51
filter  the_content  public\class-daextrevo-public.php:46
action  wp_enqueue_scripts  public\class-daextrevo-public.php:49
action  wp_enqueue_scripts  public\class-daextrevo-public.php:52
Maintenance & Trust

Real Voice – Text to Speech Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: May 6, 2025
  • PHP min version: 7.4
  • Downloads: 4K

Community Trust

  • Rating: 20/100
  • Number of ratings: 1
  • Active installs: 300
Developer Profile

Real Voice – Text to Speech Developer Profile

DAEXT

13 plugins · 30K total installs

  • Trust score: 78
  • Avg Security Score: 99/100
  • Avg Patch Time: 101 days
Detection Fingerprints

How We Detect Real Voice – Text to Speech

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/real-voice/admin/css/real-voice-admin.css
  • /wp-content/plugins/real-voice/admin/js/real-voice-admin.js
  • /wp-content/plugins/real-voice/public/css/real-voice-public.css
  • /wp-content/plugins/real-voice/public/js/real-voice-public.js
  • /wp-content/plugins/real-voice/blocks/build/index.css
  • /wp-content/plugins/real-voice/blocks/build/index.js
Script Paths
  • /wp-content/plugins/real-voice/admin/js/real-voice-admin.js
  • /wp-content/plugins/real-voice/public/js/real-voice-public.js
  • /wp-content/plugins/real-voice/blocks/build/index.js
Version Parameters
  • real-voice/admin/css/real-voice-admin.css?ver=
  • real-voice/admin/js/real-voice-admin.js?ver=
  • real-voice/public/css/real-voice-public.css?ver=
  • real-voice/public/js/real-voice-public.js?ver=
  • real-voice/blocks/build/index.css?ver=
  • real-voice/blocks/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • daextrevo-admin-menu
  • daextrevo-api-log-menu
  • daextrevo-maintenance-menu
  • daextrevo-options-menu
Data Attributes
  • data-daextrevo-audio-id
  • data-daextrevo-audio-player-settings
JS Globals
  • DaextrevoAdmin
  • DaextrevoPublic
  • DaextrevoBlock
REST Endpoints
  • /wp-json/daextrevo/v1/get-audio-files
  • /wp-json/daextrevo/v1/save-audio-settings
  • /wp-json/daextrevo/v1/save-posts-settings
  • /wp-json/daextrevo/v1/get-posts-settings
  • /wp-json/daextrevo/v1/get-api-logs
  • /wp-json/daextrevo/v1/delete-api-logs
Shortcode Output
  • [real_voice_audio]
FAQ

Frequently Asked Questions about Real Voice – Text to Speech