Plugin is breaking the permalink structure on menu and cpt

Hi, suddenly the menu is showing the links as “plain permalinks”, and not the “post name” permalinks we have setup on our settings. Also for the submenus from our CPT categories only are showing with the “plain permalink”, as well as an area on the homepage where the CPT posts are listed. After hours searching, and setting a local staging, going the classic way of deactivating and reactivating plugins one by one, CleanTalk Security was the one. I’ve scanned through the settings and asked AI (gpt and claude) and no idea what it might be creating this problem. The posts are accesible using their original “post name” slug, but if someone access by the menu the url will be the “plain permalink” and not the “post name”. I have no idea what to do….

on a separate question. I’ve noticed dozens or hundreds of IP requests usually allowed, accessing invented urls (ie. theprogspace.com/?s=%E4%B8%89%E5%B3%A1%E3%83%80%E3%83%A0+%E6%9C%80%E6%96%B0 or theprogspace.com/?tag=laang-%E5%86%B7 ) and most of them coming from USA > Virginia > different cities. or Texas or New Mexico all different cities — I suspect is bots, but so many? is there a way to prevent accessing nonexistent pages like the example above?

The page I need help with: [log in to see the link]