• Resolved Antony Booker

    (@antonynz)


    The PowerPress_PRT_incidence_response function is using the get_users function which loops through all users to check for 3 usernames from the recent compromise. This is causing high server usage on websites with a lot of users (such as a site looping through 18k users).

    Perhaps it could be recoded to only find administrator users?

    • This topic was modified 4 months, 3 weeks ago by Antony Booker. Reason: Removed misunderstanding of extra admin username checks with 7 characters
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support Shawn

    (@shawnogordo)

    Is this happening under the very latest version of PowerPress (version 11.97)? If you’re running a previous version, upgrade to this version and see if the problem persists.

    Thread Starter Antony Booker

    (@antonynz)

    Yes, this code is in the force-updated version, 11.9.7, that checks for vulnerable usernames.

    Plugin Support Mike Dell

    (@benzoid)

    PowerPress is fixed now. (We did it as soon as we knew.) It’s safe to update to the latest version, which was relisted this morning.

    Here is what we said yesterday.

    “This morning on June 28th, 2024, a compromised account was used to submit an unauthorized update to the PowerPress plugin. This was quickly patched and replaced with a new update. We are in the process of reviewing the situation. The plugin has been temporarily delisted as an extra security precaution but we are currently working with the WordPress team to get it reinstated”

    Plugin Support Mike Dell

    (@benzoid)

    The current version is patched so you can update or delete the plugin and re-install it and you should be good to go.

    Thread Starter Antony Booker

    (@antonynz)

    @benzoid glad you were able to regain access quickly.

    There seems to be some confusion. To confirm: the issue is with the code added in the patched version 11.9.7 by the plugin review team, which loops through and finds vulnerable administrator usernames that had been added in previous versions.

    Specifically, the get_users function, which is looping through all users in the PowerPress_PRT_incidence_response function. This could be changed to loop through admin users only to prevent high CPU usage on sites with lots of users.

    • This reply was modified 4 months, 3 weeks ago by Antony Booker.
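The change the opening post and the last reply ask for, written out as an added example that is not PowerPress's own code: the function names and the suspect usernames are placeholders chosen for illustration, while the `get_users()` arguments (`role`, `login__in`, `fields`, `number`) are standard WP_User_Query arguments. The first function reproduces the expensive pattern described in the thread (load every user, filter in PHP); the second pushes both filters into the database query so that only matching administrator rows are fetched.

```php
<?php
// Added example, not PowerPress code. The usernames are placeholders; the real
// watch-list lives in the plugin and is not reproduced here.
$suspect_logins = array( 'placeholder_user_1', 'placeholder_user_2', 'placeholder_user_3' );

// Slow form: get_users() with no arguments hydrates a WP_User object for every
// account (18k on the site from the thread) before PHP filters them.
function prt_find_suspect_admins_slow( array $suspect_logins ) {
    $found = array();
    foreach ( get_users() as $user ) {
        if ( in_array( $user->user_login, $suspect_logins, true )
             && in_array( 'administrator', (array) $user->roles, true ) ) {
            $found[] = $user->user_login;
        }
    }
    return $found;
}

// Fast form: both filters become part of the single SQL query WP_User_Query
// builds, so at most count( $suspect_logins ) rows come back and no WP_User
// objects are hydrated for unrelated accounts.
function prt_find_suspect_admins_fast( array $suspect_logins ) {
    $users = get_users( array(
        'role'      => 'administrator',                 // only admin accounts
        'login__in' => $suspect_logins,                 // only the watched user_login values (WP 4.4+)
        'fields'    => array( 'ID', 'user_login' ),     // skip loading full user objects
        'number'    => count( $suspect_logins ),        // hard upper bound on rows returned
    ) );
    return wp_list_pluck( $users, 'user_login' );
}

// Example call site: log the hits rather than acting on them here.
$hits = prt_find_suspect_admins_fast( $suspect_logins );
if ( ! empty( $hits ) ) {
    error_log( 'PRT check: suspect administrator accounts present: ' . implode( ', ', $hits ) );
}
```

Both functions return the same list of matching administrator logins; the difference is that the slow form's cost grows with the total user count, while the fast form's cost is bounded by the size of the watch-list regardless of how many users the site has.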