WP-Safety

BeyondWords – Text-to-Speech Security & Risk Analysis

wordpress.org/plugins/speechkit

BeyondWords is the AI voice platform that brings frictionless audio publishing to newsrooms, writers, and businesses.

900 active installs v6.3.0 PHP 8.0+ WP 5.8+ Updated Apr 12, 2026
aiaudiotext-to-speechttsvoice-cloning
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is BeyondWords – Text-to-Speech Safe to Use in 2026?

Generally Safe

Score 100/100

BeyondWords – Text-to-Speech has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "speechkit" v6.2.0 plugin exhibits a strong security posture based on the provided static analysis. All identified entry points (AJAX handlers, REST API routes, and shortcodes) appear to have proper authentication and authorization checks in place, with zero unprotected entry points. The code also demonstrates excellent output sanitization, with 100% of outputs being properly escaped, and a complete absence of taint flows indicating no critical or high severity vulnerabilities related to unsanitized data. The plugin's vulnerability history is clean, with no recorded CVEs, which suggests a commitment to security by the developers. However, a notable area for improvement is the SQL query handling. While there are SQL queries present, only 50% of them utilize prepared statements. This reliance on raw SQL for half of the database interactions presents a potential risk for SQL injection vulnerabilities if the inputs are not meticulously sanitized elsewhere, though no such issues were flagged in the taint analysis. The presence of file operations and external HTTP requests, while not inherently risky, warrants careful review in a deeper analysis to ensure these functions are implemented securely. Overall, "speechkit" v6.2.0 is a well-secured plugin with robust input/output handling and a clean security history, but the partial use of prepared statements for SQL queries is a point of concern that could be mitigated.

Key Concerns

  • 50% of SQL queries do not use prepared statements
Vulnerabilities
None known

BeyondWords – Text-to-Speech Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

BeyondWords – Text-to-Speech Release Timeline

v6.3.0Current
v6.2.0
v6.1.0
v6.0.4
v6.0.3
v6.0.2
v6.0.1
v6.0.0
v5.5.0
v5.4.0
v5.3.1
v5.3.0
v5.2.2
v5.2.1
v5.2.0
v5.1.0
v5.0.0
v4.7.0
v4.6.2
v4.6.1
Code Analysis
Analyzed Mar 16, 2026

BeyondWords – Text-to-Speech Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
2 prepared
Unescaped Output
1
275 escaped
Nonce Checks
11
Capability Checks
8
File Operations
1
External Requests
3
Bundled Libraries
1

Bundled Libraries

TinyMCE

SQL Query Safety

50% prepared4 total queries

Output Escaping

100% escaped276 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

5 flows
generatedNotice (src\Component\Posts\BulkEdit\Notices.php:45)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

BeyondWords – Text-to-Speech Attack Surface

Entry Points9
Unprotected0

AJAX Handlers 1

authwp_ajax_save_bulk_edit_beyondwordssrc\Component\Posts\BulkEdit\BulkEdit.php:40

REST API Routes 7

GET/wp-json/beyondwords/v1/projects/(?P<projectId>[0-9]+)/content/(?P<beyondwordsId>[a-zA-Z0-9\-]+)src\Component\Post\Panel\Inspect\Inspect.php:342
GET/wp-json/beyondwords/v1/projects/(?P<projectId>[0-9]+)/player-stylessrc\Component\Post\PlayerStyle\PlayerStyle.php:155
GET/wp-json/beyondwords/v1/languagessrc\Component\Post\SelectVoice\SelectVoice.php:284
GET/wp-json/beyondwords/v1/languages/(?P<languageCode>[a-zA-Z0-9-_]+)/voicessrc\Component\Post\SelectVoice\SelectVoice.php:291
GET/wp-json/beyondwords/v1/settingssrc\Component\Settings\Settings.php:393
GET/wp-json/beyondwords/v1/settingssrc\Component\Settings\Settings.php:400
GET/wp-json/beyondwords/v1/settings/notices/review/dismisssrc\Component\Settings\Settings.php:407

Shortcodes 1

[beyondwords_player] src\Core\Player\Player.php:50
WordPress Hooks 88
actiongraphql_register_typessrc\Compatibility\WPGraphQL\WPGraphQL.php:30
actioninitsrc\Component\Post\AddPlayer\AddPlayer.php:37
actionenqueue_block_editor_assetssrc\Component\Post\AddPlayer\AddPlayer.php:38
actionadmin_headsrc\Component\Post\AddPlayer\AddPlayer.php:40
filtertiny_mce_before_initsrc\Component\Post\AddPlayer\AddPlayer.php:41
filtermce_external_pluginssrc\Component\Post\AddPlayer\AddPlayer.php:43
filtermce_buttonssrc\Component\Post\AddPlayer\AddPlayer.php:44
filtermce_csssrc\Component\Post\AddPlayer\AddPlayer.php:45
filterregister_block_type_argssrc\Component\Post\BlockAttributes\BlockAttributes.php:35
filterregister_block_type_argssrc\Component\Post\BlockAttributes\BlockAttributes.php:36
actionwp_loadedsrc\Component\Post\DisplayPlayer\DisplayPlayer.php:35
actionenqueue_block_assetssrc\Component\Post\ErrorNotice\ErrorNotice.php:34
actionwp_loadedsrc\Component\Post\GenerateAudio\GenerateAudio.php:35
actionadmin_enqueue_scriptssrc\Component\Post\Metabox\Metabox.php:41
actionadd_meta_boxessrc\Component\Post\Metabox\Metabox.php:42
actionadmin_enqueue_scriptssrc\Component\Post\Panel\Inspect\Inspect.php:35
actionadd_meta_boxessrc\Component\Post\Panel\Inspect\Inspect.php:36
actionrest_api_initsrc\Component\Post\Panel\Inspect\Inspect.php:37
filterdefault_hidden_meta_boxessrc\Component\Post\Panel\Inspect\Inspect.php:39
actionwp_loadedsrc\Component\Post\Panel\Inspect\Inspect.php:41
actionwp_loadedsrc\Component\Post\PlayerContent\PlayerContent.php:52
actionrest_api_initsrc\Component\Post\PlayerStyle\PlayerStyle.php:48
actionwp_loadedsrc\Component\Post\PlayerStyle\PlayerStyle.php:50
actionwp_headsrc\Component\Post\Post.php:26
actionrest_api_initsrc\Component\Post\SelectVoice\SelectVoice.php:36
actionadmin_enqueue_scriptssrc\Component\Post\SelectVoice\SelectVoice.php:37
actionwp_loadedsrc\Component\Post\SelectVoice\SelectVoice.php:39
actionenqueue_block_assetssrc\Component\Post\Sidebar\Sidebar.php:37
actionbulk_edit_custom_boxsrc\Component\Posts\BulkEdit\BulkEdit.php:39
actionwp_loadedsrc\Component\Posts\BulkEdit\BulkEdit.php:42
actionadmin_noticessrc\Component\Posts\BulkEdit\Notices.php:33
actionadmin_noticessrc\Component\Posts\BulkEdit\Notices.php:34
actionadmin_noticessrc\Component\Posts\BulkEdit\Notices.php:35
actionadmin_noticessrc\Component\Posts\BulkEdit\Notices.php:36
actionwp_loadedsrc\Component\Posts\Column\Column.php:51
actionpre_get_postssrc\Component\Posts\Column\Column.php:64
actionadmin_initsrc\Component\Settings\Fields\ApiKey\ApiKey.php:41
actionadmin_initsrc\Component\Settings\Fields\AutoPublish\AutoPublish.php:48
actionadmin_initsrc\Component\Settings\Fields\CallToAction\CallToAction.php:41
actionadmin_initsrc\Component\Settings\Fields\IncludeExcerpt\IncludeExcerpt.php:47
actionadmin_initsrc\Component\Settings\Fields\IncludeTitle\IncludeTitle.php:48
actionadmin_initsrc\Component\Settings\Fields\IntegrationMethod\IntegrationMethod.php:68
actionadmin_initsrc\Component\Settings\Fields\Language\Language.php:40
actionadmin_initsrc\Component\Settings\Fields\PlaybackControls\PlaybackControls.php:46
actionadmin_initsrc\Component\Settings\Fields\PlaybackFromSegments\PlaybackFromSegments.php:48
actionadmin_initsrc\Component\Settings\Fields\PlayerColors\PlayerColors.php:55
actionadmin_initsrc\Component\Settings\Fields\PlayerColors\PlayerColors.php:56
actionadmin_initsrc\Component\Settings\Fields\PlayerStyle\PlayerStyle.php:46
actionadmin_initsrc\Component\Settings\Fields\PlayerUI\PlayerUI.php:45
actionadmin_initsrc\Component\Settings\Fields\PreselectGenerateAudio\PreselectGenerateAudio.php:46
actionadmin_enqueue_scriptssrc\Component\Settings\Fields\PreselectGenerateAudio\PreselectGenerateAudio.php:47
actionadmin_initsrc\Component\Settings\Fields\ProjectId\ProjectId.php:41
actionadmin_initsrc\Component\Settings\Fields\SpeakingRate\BodyVoiceSpeakingRate.php:41
actionadmin_initsrc\Component\Settings\Fields\SpeakingRate\TitleVoiceSpeakingRate.php:41
actionadmin_initsrc\Component\Settings\Fields\TextHighlighting\TextHighlighting.php:49
actionadmin_initsrc\Component\Settings\Fields\Voice\BodyVoice.php:42
actionadmin_initsrc\Component\Settings\Fields\Voice\TitleVoice.php:42
actionadmin_initsrc\Component\Settings\Fields\WidgetPosition\WidgetPosition.php:41
actionadmin_initsrc\Component\Settings\Fields\WidgetStyle\WidgetStyle.php:41
actionadmin_menusrc\Component\Settings\Settings.php:61
actionadmin_noticessrc\Component\Settings\Settings.php:62
actionadmin_noticessrc\Component\Settings\Settings.php:63
actionadmin_noticessrc\Component\Settings\Settings.php:64
actionadmin_enqueue_scriptssrc\Component\Settings\Settings.php:65
actionload-settings_page_beyondwordssrc\Component\Settings\Settings.php:66
actionrest_api_initsrc\Component\Settings\Settings.php:68
filterplugin_action_links_speechkit/speechkit.phpsrc\Component\Settings\Settings.php:70
actionload-settings_page_beyondwordssrc\Component\Settings\Sync.php:69
actionload-settings_page_beyondwordssrc\Component\Settings\Sync.php:72
actionshutdownsrc\Component\Settings\Sync.php:73
actionadmin_initsrc\Component\Settings\Tabs\Content\Content.php:43
actionadmin_initsrc\Component\Settings\Tabs\Credentials\Credentials.php:38
actionadmin_initsrc\Component\Settings\Tabs\Player\Player.php:51
actionadmin_initsrc\Component\Settings\Tabs\Pronunciations\Pronunciations.php:33
actionadmin_initsrc\Component\Settings\Tabs\Summarization\Summarization.php:33
actionadmin_initsrc\Component\Settings\Tabs\Voices\Voices.php:43
filterdebug_informationsrc\Component\SiteHealth\SiteHealth.php:84
actionenqueue_block_editor_assetssrc\Core\Core.php:25
actioninitsrc\Core\Core.php:26
actionwp_after_insert_postsrc\Core\Core.php:29
actionwp_trash_postsrc\Core\Core.php:32
actionbefore_delete_postsrc\Core\Core.php:33
filteris_protected_metasrc\Core\Core.php:35
filterget_post_metadatasrc\Core\Core.php:38
actioninitsrc\Core\Player\Player.php:37
filterthe_contentsrc\Core\Player\Player.php:40
filterthe_contentsrc\Core\Player\Player.php:41
filternewsstand_the_contentsrc\Core\Player\Player.php:42
Maintenance & Trust

BeyondWords – Text-to-Speech Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 12, 2026
PHP min version8.0
Downloads94K

Community Trust

Rating72/100
Number of ratings27
Active installs900
Alternatives

BeyondWords – Text-to-Speech Alternatives

AI Text to Speech – TTS Plugin For WordPress

AI Text to Speech – TTS Plugin For WordPress

ai-text-to-speech

A
99

Easily generate a realistic audio version for your content and posts using OpenAI's Text to Speech API.

70 1 CVE
Simple Text to Speech

Simple Text to Speech

simple-text-to-speech

A
100

Easily generate audio version of your content using Google Cloud Text-to-Speech API.

10 No CVEs
Post2Podcast

Post2Podcast

post2podcast

A
100

Transform your WordPress blog posts into engaging podcast episodes with AI-powered two-speaker conversations.

0 No CVEs
Text To Speech TTS Accessibility

Text To Speech TTS Accessibility

text-to-audio

A
99

Free text to speech with browser voices + premium AI voices from Google, OpenAI & ElevenLabs. Add an audio player to any WordPress post.

4K 1 CVE
GSpeech TTS – WordPress Text To Speech Plugin

GSpeech TTS – WordPress Text To Speech Plugin

gspeech

A
99

Free WordPress Text to Speech plugin with AI voices. Add an audio player to WordPress posts, pages and WooCommerce products to improve accessibility.

3K 1 CVE
Developer Profile

BeyondWords – Text-to-Speech Developer Profile

BeyondWords (formerly SpeechKit)

1 plugin · 900 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BeyondWords – Text-to-Speech

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/speechkit/src/Component/Post/AddPlayer/tinymce.js/wp-content/plugins/speechkit/src/Component/Post/AddPlayer/AddPlayer.css/wp-content/plugins/speechkit/src/Component/Post/ErrorNotice/error-notice.css/wp-content/plugins/speechkit/src/Component/Post/Metabox/metabox.css/wp-content/plugins/speechkit/src/Component/Post/Metabox/metabox.js/wp-content/plugins/speechkit/src/Component/Post/GenerateAudio/generate-audio.css/wp-content/plugins/speechkit/src/Component/Post/GenerateAudio/generate-audio.js/wp-content/plugins/speechkit/src/Component/Post/DisplayPlayer/display-player.css+9 more
Script Paths
/wp-content/plugins/speechkit/vendor/autoload.php/wp-content/plugins/speechkit/src/Component/Post/AddPlayer/tinymce.js/wp-content/plugins/speechkit/src/Component/Post/Metabox/metabox.js/wp-content/plugins/speechkit/src/Component/Post/GenerateAudio/generate-audio.js/wp-content/plugins/speechkit/src/Component/Post/DisplayPlayer/display-player.js/wp-content/plugins/speechkit/src/Component/Frontend/Player/player.js+3 more
Version Parameters
speechkit?ver=beyondwords-AddPlayer?ver=beyondwords-ErrorNotice?ver=beyondwords-Metabox?ver=beyondwords-GenerateAudio?ver=beyondwords-DisplayPlayer?ver=beyondwords-Player?ver=beyondwords-EmbedPlayer?ver=beyondwords-Admin?ver=beyondwords-Settings?ver=

HTML / DOM Fingerprints

CSS Classes
beyondwords-playerbeyondwords-player-wrapperbeyondwords-player-containerbeyondwords-audio-playerbeyondwords-audio-player-containerbeyondwords-audio-player-controlsbeyondwords-audio-player-play-buttonbeyondwords-audio-player-pause-button+22 more
HTML Comments
<!-- BeyondWords audio player --><!-- BeyondWords player placeholder --><!-- BeyondWords error notice --><!-- BeyondWords metabox -->+5 more
Data Attributes
data-beyondwords-playerdata-bw-playerdata-bw-iddata-bw-slugdata-bw-autoplaydata-bw-loop+6 more
JS Globals
BeyondwordsPlayerbeyondwords_player_paramswindow.BeyondwordsPlayerwindow.beyondwords_player_params
Shortcode Output
[beyondwords_player][beyondwords-player][beyondwords_embed_player]
FAQ

Frequently Asked Questions about BeyondWords – Text-to-Speech