Does Spoken Search have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Spoken Search compatible with WordPress 6.2.9?

According to WordPress.org data, Spoken Search 1.2 has been tested up to WordPress 6.2.9. Check the plugin's changelog for the latest compatibility information.

Is Spoken Search compatible with PHP 5.6+?

Spoken Search requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Spoken Search updated?

Spoken Search was last updated on Apr 12, 2023. Frequent updates are generally a positive security signal.

What is Spoken Search's security score?

Spoken Search has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Spoken Search Security & Risk Analysis

wordpress.org/plugins/spoken-search

Give website visitors the option to search your site by voice in any browser, on any device.

10 active installs v1.2 PHP 5.6+ WP 4.0+ Updated Apr 12, 2023

mobile-voice-searchsearch-by-voicespeech-searchspoken-searchvoice-search

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Spoken Search Safe to Use in 2026?

Generally Safe

Score 85/100

Spoken Search has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "spoken-search" v1.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions and exclusively using prepared statements for SQL queries, which significantly mitigates the risk of SQL injection. Furthermore, the absence of known CVEs and a clean vulnerability history suggests a relatively well-maintained plugin in terms of past security issues. However, a significant concern arises from the large attack surface without adequate authentication. With 9 out of 10 entry points, including all AJAX handlers, lacking proper authorization checks, this plugin is highly vulnerable to unauthorized actions if an attacker can trigger these entry points. While taint analysis shows no unsanitized paths, the lack of capability checks and nonce checks on the majority of AJAX handlers presents a substantial risk of privilege escalation or arbitrary action execution.

Key Concerns

Numerous unprotected AJAX handlers
Limited capability checks
Insufficient nonce checks on AJAX
Moderate output escaping issues

Vulnerabilities

None known

Spoken Search Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Spoken Search Release Timeline

v1.2Current

v1.1

v1.0

Code Analysis

Analyzed Apr 16, 2026

Spoken Search Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

93 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

75% escaped124 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

3 flows

ss2t_send_to_search_results (inc/parts/ss2t_functions.php:23)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

9 unprotected

Spoken Search Attack Surface

Entry Points10

Unprotected9

AJAX Handlers 9

authwp_ajax_ss2t_search_historyinc/SS2T.php:106

noprivwp_ajax_ss2t_search_historyinc/SS2T.php:107

authwp_ajax_ss2t_send_to_search_resultsinc/SS2T.php:108

noprivwp_ajax_ss2t_send_to_search_resultsinc/SS2T.php:109

authwp_ajax_ss2t_load_search_resultsinc/SS2T.php:110

noprivwp_ajax_ss2t_load_search_resultsinc/SS2T.php:111

authwp_ajax_ss2t_get_spoken_tokeninc/SS2T.php:112

noprivwp_ajax_ss2t_get_spoken_tokeninc/SS2T.php:113

authwp_ajax_ss2t_exclude_includeinc/SS2T.php:114

Shortcodes 1

[ss2t] inc/parts/ss2t_shortcodes.php:9

WordPress Hooks 12

actionadmin_menuinc/SS2T.php:101

actioninitinc/SS2T.php:102

actionwp_enqueue_scriptsinc/SS2T.php:103

actionadmin_enqueue_scriptsinc/SS2T.php:104

actionpre_get_postsinc/SS2T.php:105

actioninitinc/SS2T.php:117

actionwp_footerinc/parts/ss2t_audio_all.php:4

actionwp_footerinc/parts/ss2t_audio_chrome.php:4

actionwp_footerinc/parts/ss2t_audio_other.php:4

actionwp_footerinc/parts/ss2t_floating_mic.php:4

actionadmin_noticesinc/parts/ss2t_version_check.php:23

actionwidgets_initinc/parts/ss2t_widgets.php:7

Maintenance & Trust

Spoken Search Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9

Last updatedApr 12, 2023

PHP min version5.6

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Spoken Search Alternatives

Category AJAX Filter – Advanced Filter for Posts & Custom Post Types

category-ajax-filter

Filter WordPress posts and custom post types by categories, tags, and taxonomies with AJAX-powered filtering — no page reload required.

6K 1 CVE

Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching

voice-widgets

100

Voice Message Recorder for Forms, Forums. AI Powered. Speaking Test - Language Learning. Speak to users. Text to Speech, Speech to Text, Voice Search

400 No CVEs

Universal Voice Search

universal-voice-search

Add an universal, multi lingual voice to web pages. This plugin will add voice search ability to all web pages. Simply click the microphone and dictat …

200 No CVEs

Answer Engine Optimization

answer-engine-optimization

100

Optimize your content for answer engines like Google's featured snippets, voice search, and AI-powered answer systems.

100 No CVEs

WP Fastest Site Search

wp-fastest-site-search

100

Replace the default search with ExpertRec's powerful and fully customizable WordPress search plugin.

100 No CVEs

Developer Profile

Spoken Search Developer Profile

Twice Two Media

3 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Spoken Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/spoken-search/assets/js/ss2t-bundle.min.js/wp-content/plugins/spoken-search/assets/css/ss2t.min.css/wp-content/plugins/spoken-search/assets/css/ss2t-admin.min.css

Script Paths

/wp-content/plugins/spoken-search/assets/js/ss2t-bundle.min.js

Version Parameters

spoken-search/assets/js/ss2t-bundle.min.js?ver=spoken-search/assets/css/ss2t.min.css?ver=spoken-search/assets/css/ss2t-admin.min.css?ver=

HTML / DOM Fingerprints

JS Globals

ss2t_search_historyss2t_send_to_search_resultsss2t_load_search_resultsss2t_get_spoken_tokenss2t_exclude_include

REST Endpoints

/wp-json/spoken-search

FAQ