The Wordfence Threat Intelligence team has reported on two separate vulnerabilities in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin with over 100,000 installations. These were both reflected Cross-Site scripting vulnerabilities which could be used for site takeover if an attacker could successfully trick a site administrator into performing an action, such as clicking a link.
We strongly recommend updating to the latest version available, 5.174.1, as soon as possible.
For more information, please check the official public release.
If you have questions, don’t hesitate to contact our support team.