PT-2026-30344 · Oracle+1 · Mysql Server+1
Kazuma Matsumoto
·
Published
2026-04-04
·
Updated
2026-04-07
·
CVE-2026-1233
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Text to Speech for WP (AI Voices by Mementor) versions up to and including 1.9.8
Description
The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress contains hardcoded MySQL database credentials for the vendor's external telemetry server within the
Mementor TTS Remote Telemetry class. This allows unauthenticated attackers to extract and decode these credentials, potentially gaining unauthorized write access to the vendor's telemetry database.Recommendations
Update the Text to Speech for WP (AI Voices by Mementor) plugin to a version later than 1.9.8.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mysql Server
Text To Speech For Wp