PT-2025-42693 · WordPress · Gspeech Tts – Wordpress Text To Speech Plugin

Moose Love

Published

2025-10-18

Updated

2025-10-18

CVE-2025-10187

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GSpeech TTS – WordPress Text To Speech Plugin versions through 3.17.13

Description The GSpeech TTS – WordPress Text To Speech Plugin is susceptible to SQL Injection due to inadequate input sanitization and query preparation. This allows authenticated attackers with Administrator-level access or higher to inject additional SQL queries into existing database queries. This can lead to the extraction of sensitive information from the database via the field parameter.

Recommendations Update the GSpeech TTS – WordPress Text To Speech Plugin to a version later than 3.17.13.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-10187

Affected Products

Gspeech Tts – Wordpress Text To Speech Plugin

PT-2025-42693 · WordPress · Gspeech Tts – Wordpress Text To Speech Plugin

CVE-2025-10187

Weakness Enumeration

Related Identifiers

Affected Products

References · 7