Description
The GSpeech TTS – WordPress Text To Speech Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' parameter in all versions up to, and including, 3.17.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2025-10-18
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL injection allowing extraction of sensitive database information
Action: Patch
AI Analysis

Impact

The GSpeech TTS – WordPress Text To Speech Plugin contains a parameter, 'field', that is not properly escaped when incorporated into an SQL statement. As a result, authenticated users with Administrator or higher privileges can inject additional SQL commands, enabling the extraction of sensitive data from the WordPress database. This vulnerability is a classic instance of CWE‑89, where improper input validation leads to injection of arbitrary SQL queries.

Affected Systems

All versions of the GSpeech TTS – WordPress Text To Speech Plugin up to and including 3.17.13, supplied by creative‑solutions-1, are affected. The flaw is only exploitable by users who have Administrator level access through the WordPress dashboard.

Risk and Exploitability

The CVSS score of 4.9 indicates moderate severity, and the EPSS score of less than 1 % suggests that exploit attempts are currently rare. The vulnerability is not listed in CISA KEV, but the requirement for an authenticated admin account means that a successful attack requires compromised credentials or a brute‑force gain of admin rights. In organizations where user accounts are tightly controlled and strong authentication mechanisms are in place, the immediate risk is lower, but any exposure of an admin account presents a significant threat of data exfiltration.

Generated by OpenCVE AI on April 22, 2026 at 13:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the GSpeech TTS plugin to the latest version (≥ 3.18) or apply the vendor’s official patch.
  • If an upgrade cannot be performed immediately, disable or remove the plugin from the WordPress installation until a fix is available.
  • Audit all WordPress administrator accounts to confirm that only legitimate users have admin privileges, and consider tightening role permissions or implementing multi‑factor authentication.

Generated by OpenCVE AI on April 22, 2026 at 13:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Oct 2025 20:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 20 Oct 2025 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Creative-solutions-1
Creative-solutions-1 gspeech Tts Wordpress Text To Speech Plugin
Wordpress
Wordpress wordpress
Vendors & Products Creative-solutions-1
Creative-solutions-1 gspeech Tts Wordpress Text To Speech Plugin
Wordpress
Wordpress wordpress

Sat, 18 Oct 2025 07:00:00 +0000

Type Values Removed Values Added
Description The GSpeech TTS – WordPress Text To Speech Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' parameter in all versions up to, and including, 3.17.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Title GSpeech TTS – WordPress Text To Speech Plugin <= 3.17.13 - Authenticated (Admin+) SQL injection
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Creative-solutions-1 Gspeech Tts Wordpress Text To Speech Plugin
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:50:09.935Z

Reserved: 2025-09-09T15:31:45.520Z

Link: CVE-2025-10187

cve-icon Vulnrichment

Updated: 2025-10-20T18:55:26.154Z

cve-icon NVD

Status : Deferred

Published: 2025-10-18T07:15:34.520

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-10187

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T13:15:17Z

Weaknesses