Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching Security & Risk Analysis

wordpress.org/plugins/voice-widgets

Voice Message Recorder for Forms, Forums. AI Powered. Speaking Test - Language Learning. Speak to users. Text to Speech, Speech to Text, Voice Search

400 active installs · v6.7.6 · PHP 5.6+ · WP 4.9+ · Updated Apr 13, 2026
Tags: audio, voice, voice-mail, voice-message, voice-search
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching Safe to Use in 2026?

Generally Safe

Score 100/100

Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "voice-widgets" plugin v6.7.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and incorporating a significant number of nonce and capability checks. The absence of any recorded CVEs and past vulnerabilities is also a strong indicator of a generally well-maintained codebase. However, there are notable areas of concern, particularly related to its attack surface and code signals.

Specifically, the plugin has two AJAX handlers that lack authentication checks, presenting a direct entry point for potential unauthorized actions. Furthermore, the presence of the `unserialize` function, while not flagged as a critical taint flow, carries inherent risks if the data being unserialized is not strictly controlled or validated, potentially leading to remote code execution. The taint analysis, while showing no critical or high severity flows, did identify two flows with unsanitized paths, which warrants further investigation. The 69% output escaping rate suggests that a portion of the plugin's output may not be properly sanitized, increasing the risk of cross-site scripting (XSS) vulnerabilities.

In conclusion, the plugin's clean vulnerability history and strong SQL practices are commendable. Nevertheless, the unprotected AJAX endpoints and the use of `unserialize` introduce significant risks that need to be addressed. While the current taint analysis doesn't point to immediate critical issues, the potential for unsanitized paths and insufficient output escaping requires careful attention to prevent security breaches.

Key Concerns

  • Unprotected AJAX handlers
  • Use of unserialize function
  • Flows with unsanitized paths found
  • Significant portion of output unescaped
Vulnerabilities
None known

Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching Release Timeline

v6.7.6 (Current)
v6.7.5
v6.3.0
v6.2.0
v6.1.0
v6.0.0
v5.9.0
v5.8.0
v5.7.0
v5.6.0
v5.5.0
v5.4.0
v5.3.0
v5.1.0
v5.0.0
v4.8.0
v4.7.0
v4.6.0
v4.5.0
v4.3.0
Code Analysis
Analyzed Mar 16, 2026

Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 119 (264 escaped)
Nonce Checks: 8
Capability Checks: 9
File Operations: 7
External Requests: 3
Bundled Libraries: 1

Dangerous Functions Found

unserialize: `$text_to_speech_select_pages=unserialize(get_option('qcld_page_call_text_to_speech_show_pages_list')` (qcld-voice-to-text-speech.php:391)
unserialize: `$qcld_page_call_text_to_speech_select_pages = unserialize(get_option('qcld_page_call_text_to_speech_` (templates\voice_to_text_speech.php:112)
unserialize: `$qcld_disable_custom_posts = unserialize(get_option('qcld_page_call_text_to_speech_disable_custom_po` (templates\voice_to_text_speech.php:175)

Bundled Libraries

jQuery

Output Escaping

69% escaped · 383 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
qc_wpvoicemessage_stt_voice_api_ajax (qcld_openai_speech_to_text.php:5)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching Attack Surface

Entry Points: 23
Unprotected: 2

AJAX Handlers 11

auth wp_ajax_qc_voice_widgets_process_qc_promo_form qc-support-promo-page\class-qc-support-promo-page.php:116
auth wp_ajax_qcld_recommend_support_function_ajax qc-support-promo-page\qc-clr-recommendbot-support-plugin.php:8
auth wp_ajax_qc_voice_to_speech_stt_transcribe_only qcld-openai-voice-transcriber.php:219
auth wp_ajax_qc_wpvoicemessage_stt_voice_api_ajax qcld_openai_speech_to_text.php:39
nopriv wp_ajax_qc_wpvoicemessage_stt_voice_api_ajax qcld_openai_speech_to_text.php:40
auth wp_ajax_qc_voice_stt_handle_upload qcld_openai_speech_to_text.php:42
nopriv wp_ajax_qc_voice_stt_handle_upload qcld_openai_speech_to_text.php:43
auth wp_ajax_qcld_voice_stt_gc_client_download qcld_speech_to_text.php:323
nopriv wp_ajax_qcld_voice_stt_gc_client_download qcld_speech_to_text.php:324
auth wp_ajax_qcld_audio_save voice-widgets.php:110
nopriv wp_ajax_qcld_audio_save voice-widgets.php:111

Shortcodes 12

[wp_button_text_to_speech] qcld-voice-to-text-speech.php:72
[Wp_Button_Text_To_Speech] qcld-voice-to-text-speech.php:73
[wp_button_voice_box] qcld-voice-to-text-speech.php:76
[WpButtonVoiceBox] qcld-voice-to-text-speech.php:77
[WpTextBox] qcld-voice-to-text-speech.php:78
[wp_button_voice] qcld-voice-to-text-speech.php:81
[wpButtonListenToPost] qcld-voice-to-text-speech.php:82
[wpButtonListen] qcld-voice-to-text-speech.php:83
[qcld_stt_form] qcld_speech_to_text.php:8
[qcld_mp3_transcribe_form] qcld_speech_to_text.php:10
[qcwpvoicemessage] voice-widgets-cf7.php:9
[qc_audio] voice-widgets.php:93
WordPress Hooks 35
action admin_head class-dna88-free-plugin-upgrade-notice.php:37
action plugin_row_meta class-dna88-free-plugin-upgrade-notice.php:126
action admin_menu class-dna88-free-plugin-upgrade-notice.php:166
action wp_enqueue_scripts inc\voice-search\voice-search.php:4
action admin_menu qc-support-promo-page\class-qc-support-promo-page.php:32
action admin_enqueue_scripts qc-support-promo-page\class-qc-support-promo-page.php:62
action admin_menu qcld-openai-voice-transcriber.php:5
action admin_enqueue_scripts qcld-openai-voice-transcriber.php:19
action wp_enqueue_scripts qcld-voice-to-text-speech.php:5
filter the_title qcld-voice-to-text-speech.php:355
action init qcld-voice-to-text-speech.php:360
action loop_start qcld-voice-to-text-speech.php:370
filter the_content qcld-voice-to-text-speech.php:375
action wpcf7_init voice-widgets-cf7.php:7
action admin_init voice-widgets-cf7.php:14
filter wpcf7_posted_data voice-widgets-cf7.php:18
filter wpcf7_special_mail_tags voice-widgets-cf7.php:20
filter wpcf7_spam voice-widgets-cf7.php:247
action wpcf7_before_send_mail voice-widgets-cf7.php:259
action plugins_loaded voice-widgets.php:89
action init voice-widgets.php:90
action admin_enqueue_scripts voice-widgets.php:91
action wp_enqueue_scripts voice-widgets.php:92
action load-post.php voice-widgets.php:95
action load-post-new.php voice-widgets.php:96
action save_post voice-widgets.php:97
filter manage_wp_voicemsg_record_posts_columns voice-widgets.php:99
action manage_wp_voicemsg_record_posts_custom_column voice-widgets.php:100
action admin_menu voice-widgets.php:104
action admin_init voice-widgets.php:106
action admin_init voice-widgets.php:108
action admin_init voice-widgets.php:113
action add_meta_boxes voice-widgets.php:400
action activated_plugin voice-widgets.php:680
action admin_init voice-widgets.php:706
Maintenance & Trust

Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 13, 2026
PHP min version: 5.6
Downloads: 14K

Community Trust

Rating: 100/100
Number of ratings: 16
Active installs: 400
Developer Profile

Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching Developer Profile

QuantumCloud

29 plugins · 26K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 243 days
Detection Fingerprints

How We Detect Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/voice-widgets/assets/css/audio_admin.css
/wp-content/plugins/voice-widgets/assets/css/font-awesome.min.css
/wp-content/plugins/voice-widgets/assets/css/audio_frontend.css
/wp-content/plugins/voice-widgets/assets/js/audio_admin.js
/wp-content/plugins/voice-widgets/assets/audio/WebAudioRecorder.min.js
/wp-content/plugins/voice-widgets/assets/js/audio_frontend.js
Script Paths
/wp-content/plugins/voice-widgets/assets/js/audio_admin.js
/wp-content/plugins/voice-widgets/assets/audio/WebAudioRecorder.min.js
/wp-content/plugins/voice-widgets/assets/js/audio_frontend.js
Version Parameters
voice-widgets/assets/css/audio_admin.css?ver=
voice-widgets/assets/css/font-awesome.min.css?ver=
voice-widgets/assets/css/audio_frontend.css?ver=
voice-widgets/assets/js/audio_admin.js?ver=
voice-widgets/assets/audio/WebAudioRecorder.min.js?ver=
voice-widgets/assets/js/audio_frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
qcld-voice-widget-wrap
Data Attributes
data-nonce="voice-widgets"
data-ajax_url="admin-ajax.php"
JS Globals
voice_obj
Shortcode Output
[qc_audio]