CleanTalk's blog

How to Stop Spam in Contact Form 7: Best Protection Methods in 2026

Anti-Spam, WordPress

March 26, 2026

Contact Form 7 remains one of the most widely used contact form plugins in the WordPress ecosystem, with more than 10 million active installations listed in the official WordPress plugin directory. It has stayed popular for years because it gives site owners a practical, lightweight, and flexible way to add contact forms without switching to
Read more

FEEDBACK LOG

Almaz M on Our Investigation of the Hack of One Website (OR: How We Investigated a Hack of One Website)
Paul on Our Investigation of the Hack of One Website (OR: How We Investigated a Hack of One Website)
How to save resources and to attract more customers for hosting company. – CleanTalk's blog on How Much Server Resources Spam Bots Waste
ImaginePro on How to Stop Profanity and Obscene Words on Your Website
Best reCAPTCHA Alternatives WordPress on reCAPTCHA v3 always returns 0.9 score. Avoid false positives

The Latest

We Have Reset 178 Passwords That Might Have Been Compromised

Security, Security issues

·

September 29, 2023

While monitoring exposed password databases we found a leaked database that contained 178 compromised credentials of CleanTalk users among other data. These emails/passwords were compromised some time ago and after that were used to create a CleanTalk account by their owners. As soon as we found this potential vulnerability – we immediately reset passwords for…
CVE-2023-4795 – Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS

Security, Security issues

·

September 26, 2023

While evaluating the plugin, we uncovered a vulnerability that permits the execution of Stored Cross-Site Scripting (XSS) on behalf of a contributor. This vulnerability is exploited by inserting a shortcode into a newly created post, potentially resulting in an account takeover. Main info: CVE CVE-2023-4795 Plugin Testimonial Slider Shortcode Critical High Publicly Published September 25,…
CVE-2023-4725 – Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS

Security, Security issues

·

September 26, 2023

During testing, a vulnerability was found that allows, through changing the settings, to implement Stored XSS on all pages where there is a mention of the plugin. This vulnerability is available on behalf of the administrator and allows you to leave javascript “backdoor” when capturing an administrative account, which will allow account takeover. Unfiltered_html capability…
CVE-2023-4646 – Simple Posts Ticker < 1.1.6 - Contributor + Stored XSS via shortcode

Security, Security issues

·

September 26, 2023

While examining the plugin during the testing phase, we uncovered a vulnerability that enables the execution of Stored Cross-Site Scripting (XSS) attacks, accomplished by incorporating a shortcode into a new post. This vulnerability has the potential to lead to the compromise of user accounts, particularly those of contributors. Main info: CVE CVE-2023-4646 Plugin Simple Posts…

How to Stop Spam in Contact Form 7: Best Protection Methods in 2026

FEEDBACK LOG

The Latest

Events Manager Spam Protection in 2026

Formidable Forms Spam Protection in 2026

CleanTalk Releases version 1.6. Update for the MyBB Anti-Spam Plugin

HivePress Spam Protection in 2026

Is zekisuquc419@gmail.com Spam Bot? How to Stop It

Performance Update: Slow load times on some sites, fix in progress

We Have Reset 178 Passwords That Might Have Been Compromised

CVE-2023-4795 – Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS

CVE-2023-4725 – Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS

CVE-2023-4646 – Simple Posts Ticker < 1.1.6 - Contributor + Stored XSS via shortcode

CleanTalk

Anti-Spam

Security