CleanTalk's blog

How to Reduce Server Load by Simply Filtering Bad Traffic

Anti-Spam, CleanTalk

April 24, 2026

When a website starts slowing down, many teams immediately think about scaling infrastructure: adding CPU, RAM, more servers, or optimizing the database. In reality, a significant part of server load is often caused not by real users, but by automated traffic — bots, scrapers, vulnerability scanners, spam robots, and aggressive crawlers. These requests may continuously
Read more

FEEDBACK LOG

My Homepage on How Spam Activity Changes Over Time — and Why It’s Not Related to License Expiration
Flamingo Spam Protection in 2026: Stop Contact Form 7 Spam on How to Stop Spam in Contact Form 7: Best Protection Methods in 2026
Almaz M on Our Investigation of the Hack of One Website (OR: How We Investigated a Hack of One Website)
Paul on Our Investigation of the Hack of One Website (OR: How We Investigated a Hack of One Website)
How to save resources and to attract more customers for hosting company. – CleanTalk's blog on How Much Server Resources Spam Bots Waste

The Latest

CVE-2023-4646 – Simple Posts Ticker < 1.1.6 - Contributor + Stored XSS via shortcode

Security, Security issues

·

September 26, 2023

While examining the plugin during the testing phase, we uncovered a vulnerability that enables the execution of Stored Cross-Site Scripting (XSS) attacks, accomplished by incorporating a shortcode into a new post. This vulnerability has the potential to lead to the compromise of user accounts, particularly those of contributors. Main info: CVE CVE-2023-4646 Plugin Simple Posts…
CVE-2023-4798 – User Avatar – Reloaded < 1.2.2 - Contributor+ Stored XSS

Security, Security issues

·

September 26, 2023

During the plugin’s testing phase, a vulnerability was identified that enables the execution of Stored XSS by an attacker who embeds a shortcode in a new post, potentially leading to an account takeover. Main info: CVE CVE-2023-4798 Plugin User Avatar – Reloaded Critical High Publicly Published September 25, 2023 Last Updated September 25, 2023 Researcher…
CVE-2023-4933 – WP Job Openings < 3.4.3 – Sensitive Data Exposure via Directory Listing

Security, Security issues

·

September 26, 2023

During testing, a critical vulnerability was discovered in the plugin, namely a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users…
CVE-2023-4289 – WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode

Security, Security issues

·

September 26, 2023

In the process of testing the plugin, a vulnerability was found that allows you to implement Stored XSS on behalf of the contributor by embedding the shortcode in a new post, which entails account takeover Main info: CVE CVE-2023-4289 Plugin WP Matterport Shortcode Critical High Publicly Published September 25, 2023 Last Updated September 25, 2023…

How to Reduce Server Load by Simply Filtering Bad Traffic

FEEDBACK LOG

The Latest

Collect Website Feedback Directly on Your Pages: A New Tool from the CleanTalk Team

Klaviyo Web Forms Spam Protection in 2026

HappyForms Spam Protection in 2026. How to Stop Fake Messages, Bot Submissions, and Junk Entries

Flamingo Spam Protection in 2026. How to Protect Contact Form 7 Messages and Stored Submissions

WooCommerce: How to Stop Fake Orders and Spam Signups

7 Ways to Prevent Fake Registrations on WordPress (with CleanTalk)

CVE-2023-4646 – Simple Posts Ticker < 1.1.6 - Contributor + Stored XSS via shortcode

CVE-2023-4798 – User Avatar – Reloaded < 1.2.2 - Contributor+ Stored XSS

CVE-2023-4933 – WP Job Openings < 3.4.3 – Sensitive Data Exposure via Directory Listing

CVE-2023-4289 – WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode

CleanTalk

Anti-Spam

Security