jordantrizz

You most likely are suffering from either a resource attack, a bot or crawler is triggering resource usage or something is not using the object cache in the WordPress API and just using MySQL directly. It could also be a combination.

Check your access log for suspicious traffic, or as Till suggested use an APM to figure out what is causing the spike.

Thank you!

@gagan0123

Thank you for the reply and for providing a more in-depth update. What was the specific concern of the reporter? I’ve never used this feature, so I’m interested in why they thought it was a security concern.

@gagan0123

Do you mean the leading reporter of CVEs? https://jerrygamblin.com/2024/01/03/2023-cve-data-review/

There’s a gaping hole of observability on WordPress plugin security issues and data leakage. So instead of a full disclosure of what was reported and why you consider it irrelevant, you simply made the decision for everyone who utilizes your plugin. Your plugin is open source, and as such you should be more transparent about reports like this, even if they’re incorrect.

Also, Patchstack removed the report. No hate, I’m sure you would want other developers and companies to be transparent about this same subject.

Thanks for responding Harish!

Thanks, should I make a Github issue?

Thanks for the reply. So at this time it’s not fixed in the free version on the WordPress plugin repository? Do you have an ETA. This plugin is unusable at this time.

@nathanbrnrd yes, this was resolved. It turned out that a must-use plugin was in place messing with the wp_mail. Once removed, I was successful in sending from different addresses. So just ensure you have no plugins or mu-plugins touching the wp_mail function.

Thanks for the reply Amimul, unfortunately, what you describe is not occurring.

Setting up two Postmark SMTP accounts, one with [email protected] and another with [email protected] and setting the wp_mail() headers “From” to [email protected] will still result in [email protected] being used.

This is the case with manually sending an email using wp_mail(), Gravity Forms and Contact Form 7.

Thanks Amimul,

Currently, PHP 8.1.10 is stable, and the library https://github.com/googleapis/google-api-php-client within your plugin is quite old and problematic.

Should I be submitting this to the Github repository instead?

Another option is this library https://github.com/snicco/http-routing-bundle

• This reply was modified 2 years, 6 months ago by jordantrizz.

I’m so sorry Amimul, I think spell check automatically changed it to Animal.

Thanks for responding. So there is no way to configure FluentSMTP manually without having to go through the setup wizard? Do you know if this will be something that will be available in the future? Similar to the Postmark Plugin? https://www.ads-software.com/plugins/postmark-approved-wordpress-plugin/

Thanks, Animal; however, trying to use another site’s database data from the wp_options table does nothing. Fluent forms still ask to be configured.

Thanks, that’s my error. I didn’t have the Recaptcha v3 setup under actions. This resolved the issue. Perhaps it’s not the best UI/UX choice or at least a note on the Recaptcha v2 field on how to add Recpatcha v3.

Put in two tickets, no response.

You can close this.

• This reply was modified 3 years, 1 month ago by jordantrizz.

The reCaptcha feature is a part of the free plugin, reCaptcha v2 works and v3 is broken. The backend setting fields are there to enable it but there is no code for it to function.