Spam protection, AntiSpam, FireWall by CleanTalk is installed on more than 100,000 sites. The issue (CVE-2021-24295, which carries a high-severity CVSS score of 7.5 out of 10) arises from how the plugin performs its spam filtering. It maintains a blocklist and tracks the behavior of different IP addresses, including the user-agent string that browsers send to identify themselves. Researchers were able to exploit the vulnerability in CleanTalk using a time-based technique.
Source: https://threatpost.com/anti-spam-wordpress-plugin-expose-data/165901/

