Plugin Support
Shawn
(@shawnogordo)
Is this happening under the very latest version of PowerPress (version 11.97)? If you’re running a previous version, upgrade to this version and see if the problem persists.
Yes, this code is in the force-updated version, 11.9.7, that checks for vulnerable usernames.
PowerPress is fixed now. (We did it as soon as we knew.) It’s safe to update to the latest version that was relisted this morning.
Here is what we said yesterday.
“This morning on June 28th, 2024, a compromised account was used to submit an unauthorized update to the PowerPress plugin. This was quickly patched and replaced with a new update. We are in the process of reviewing the situation. The plugin has been temporarily delisted as an extra security precaution but we are currently working with the WordPress team to get it reinstated”
The current version is patched so you can update or delete the plugin and re-install it and you should be good to go.
@benzoid glad you were able to regain access quickly.
There seems to be some confusion. To confirm, the issue is with the code added in the patched version 11.9.7 by the plugin review team that loops through and finds vulnerable administrator usernames that had been added in previous versions.
Specifically, the get_users function is looping through all users in the PowerPress_PRT_incidence_response function. This could be changed to loop through admin users only to prevent high CPU usage on sites with lots of users.
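An added example, not part of the thread and not the code shipped in PowerPress 11.9.7: one way to limit such a check to administrators, so the database does the filtering instead of PHP looping over every account. The helper name and the flagged logins are hypothetical placeholders; `get_users()` and its `role`, `login__in` and `fields` arguments are WordPress core.

```php
<?php
// Added example: not PowerPress code and not the plugin review team's code.
// Assumes it runs inside a loaded WordPress (for instance through `wp eval-file`).

// Constructed placeholders: the real list of flagged usernames is not on this page.
const EXAMPLE_FLAGGED_LOGINS = array( 'placeholder_login_1', 'placeholder_login_2' );

/**
 * Return administrator accounts whose login is on the flagged list.
 * Hypothetical helper; the name does not come from the plugin.
 *
 * @param string[] $flagged_logins Logins to look for.
 * @return object[] Rows with ID, user_login and user_registered.
 */
function example_find_flagged_admins( array $flagged_logins ) {
	// WP_User_Query ignores an empty login__in, which would return every
	// administrator, so stop early instead.
	if ( empty( $flagged_logins ) ) {
		return array();
	}

	return get_users(
		array(
			// Filter in SQL: administrators only, and only the flagged logins.
			'role'      => 'administrator',
			'login__in' => $flagged_logins,
			// Fetch three columns instead of building a full WP_User per account.
			'fields'    => array( 'ID', 'user_login', 'user_registered' ),
		)
	);
}

if ( function_exists( 'get_users' ) ) {
	foreach ( example_find_flagged_admins( EXAMPLE_FLAGGED_LOGINS ) as $user ) {
		// Log for review; what to do with a match is left to the site owner.
		error_log(
			sprintf(
				'Flagged administrator: id=%d login=%s registered=%s',
				$user->ID,
				$user->user_login,
				$user->user_registered
			)
		);
	}
}
```

On multisite, `role` is evaluated against the current site, so the check would need to run per site.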