CVE-2025-58664
Description
Missing Authorization vulnerability in Azizul Hasan Text To Speech TTS Accessibility text-to-audio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Text To Speech TTS Accessibility: from n/a through <= 1.9.30.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization vulnerability in Text To Speech TTS Accessibility plugin allows exploitation of incorrectly configured access control.
The Text To Speech TTS Accessibility plugin for WordPress versions up to 1.9.30 contains a missing authorization vulnerability. This broken access control issue lacks a nonce or capability check in certain functions, allowing unauthenticated or low-privileged users to execute actions that should require higher privileges [1].
Exploitation can be performed remotely without authentication, as the vulnerable functions are exposed via AJAX or direct HTTP requests. Attackers can craft requests to trigger these actions, potentially affecting thousands of websites in mass campaigns [1].
The impact includes the ability to modify settings, access sensitive data, or perform other administrative actions, depending on the missing authorization. This can lead to further compromise of the WordPress installation [1].
The vulnerability has been patched in version 1.9.31. Users are strongly advised to update immediately. For those unable to update, consider contacting a hosting provider or web developer for assistance. Patchstack recommends enabling auto-updates for vulnerable plugins [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=1.9.30
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.