SQL Injection vulnerability discovered in CleanTalk Spam Protect Plugin

The Wordfence Threat Intelligence Team recently revealed the details of a SQL injection flaw in the CleanTalk Spam Protect plugin which is installed on over 100,000 WordPress websites!

On March 4, 2021, the Wordfence team contacted the plugin’s developer and submitted the full disclosure on March 5, 2021. On March 10, 2021, a patched version of the plugin, version 5.153.4, was released.

Vulnerability: This flaw can be used without logging into the site to collect sensitive information from the database, such as user emails and password hashes.

This vulnerability was fixed in version 5.153.4, and we highly recommend updating to the most recent version of the plugin, which is 5.156 as of this writing.
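To confirm that a site is running a fixed release, the script below reads the `Version:` line from a plugin's main PHP file and compares it with 5.153.4. It is an added example, not code from the plugin or from Wordfence. It assumes the standard WordPress plugin header format, the file path is supplied by the reader, and the sample headers are constructed for the demo.

```python
import re
import sys

FIXED = "5.153.4"  # first patched release named in the article

def header_version(text):
    """Value of the WordPress plugin header 'Version:' line, or None."""
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", text[:8192], re.M | re.I)
    return m.group(1) if m else None

def version_key(version, width=4):
    """'5.153.4' -> (5, 153, 4, 0): numeric per component, zero padded."""
    nums = []
    for part in version.split("."):
        digits = re.match(r"\d+", part)
        nums.append(int(digits.group()) if digits else 0)
    return tuple(nums + [0] * (width - len(nums)))

def status(text, fixed=FIXED):
    """'vulnerable', 'patched' or 'unknown' for one plugin main file."""
    found = header_version(text)
    if found is None:
        return "unknown"  # no header: inspect by hand, do not assume safe
    return "patched" if version_key(found) >= version_key(fixed) else "vulnerable"

def sample(version):
    """Constructed plugin header for the demo (not the real plugin file)."""
    return "<?php\n/*\n  Plugin Name: Example Plugin\n  Version: %s\n*/\n" % version

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to the plugin's main PHP file, given by the reader
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(sys.argv[1], status(fh.read()))
    else:
        # "5.99" sorts after "5.153.4" as a string but is the older release.
        for v in ("5.99", "5.153.3", "5.153.4", "5.156"):
            print(v, status(sample(v)))
```

Comparing the components as integers matters here: a plain string comparison would rank 5.99 above 5.153.4 and report an older release as patched.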
