SQL Injection Vulnerability Discovered in CleanTalk AntiSpam WordPress Plugin < 5.156
https://www.wordfence.com
A time-based blind SQL injection vulnerability was discovered in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin installed on over 100,000 sites. This vulnerability could be used to extract sensitive information from a site’s database, including user emails and password hashes, all without logging into the site.
This vulnerability was patched in version 5.153.4. We strongly recommend updating immediately to the latest version of the plugin, which is 5.156 as of this writing.