Be aware that CleanTalk is putting out misleading information about vulnerabilities in WordPress plugins.

They recently claimed that a vulnerability in a WordPress plugin exposed WordPress users passwords. It didn't, only password hashes. That is significantly different.

WPScan also claimed that the vulnerability allowed "account takeover," despite that being unlikely to happen there.