We’ve been using CleanTalk for the past week and it’s been brilliant at blocking spam. All was looking good, and we have now signed up for a subscription.
However, I’ve just noticed a VERY SERIOUS flaw with the WordPress Plugin.
From the settings screen you can click ‘Click here to get anti-spam statistics’. This creates a token that bypasses the CleanTalk dashboard login and shows statistics for ALL WEBSITES that have been added. It seems to be unnecessary to have this functionality, simply requesting login to CleanTalk would make this much more secure and less vulnerable to being abused.
It’s therefore useless having a multi-site licence as they would all be able to see personal data from each site. In its current format the plugin does not comply with local laws or GDPR. We will have to cancel our subscription and remove this from our sites again until this has been addressed.
- The topic ‘Serious Security Issue with CleanTalk’ is closed to new replies.