On Dec 7, 2024, an arbitrary file upload vulnerability was found in CleanTalk's Security & Malware scan plugin, which is installed on over 30,000 WordPress sites. It allowed attackers to upload arbitrary files and execute code remotely. Lucio Sá reported it through Wordfence's Bug Bounty Program and received $1,716. CleanTalk responded quickly, releasing a patch on Jan 27, 2025. Users are urged to update to version 2.150. Wordfence provided firewall protection on Jan 14, 2025, with free users receiving it by Feb 13, 2025. Because the flaw lets uploaded files lead to remote code execution, it exposes sites to severe risk, and affected installations should be secured swiftly.