AI Text to Speech <= 3.0.3 is vulnerable to Broken Access Control vulnerability

Unauthenticated

Published
2025-04-16

The AI Text to Speech – TTS Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.0.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.

CVE

https://www.cve.org/CVERecord?id=CVE-2025-39554

CVSS

Score:6.5

Severity:Medium

Version: 3.0.3

There is a patch available in v3.0.4 and we strongly recommend you update to this version as soon as possible.