Multiple authenticated SQL injections in the Anti-Spam by CleanTalk plugin 5.148 exist, however, it requires high privilege user (admin+).
Vulnerable functions: `removeLogs` and `removeSpam` at: lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php
POST /wp-admin/users.php?page=ct_check_users&ct_worked=1 HTTP/1.1
Nguyen Anh Tien
2020-11-20 (about 2 years ago)
2021-01-23 (about 2 years ago)