The CleanTalk WordPress plugin has a number of uses, but one of its primary purposes is to protect sites against spam comments. Part of how it does this is by maintaining a blocklist and tracking the behavior of different IP addresses, including the user-agent string that browsers send to identify themselves.
Many of our users have CleanTalk installed.
The vulnerability was patched on March 10 and the update was applied to all our client sites within 24 hrs. Fortunately, we’re not aware of any clients having become victims.