CVE-2024-10938
Malicious .htaccess Files in OVRI Payment Plugin
Publication date: 2026-02-27
Last updated on: 2026-02-27
Assigner: Wordfence
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ovri | payment_plugin | 1.7.0 |
| moneytigo | ovri_payment_plugin | 1.7.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-506 | The product contains code that appears to be malicious in nature. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Can you explain this vulnerability to me?
The OVRI Payment plugin for WordPress version 1.7.0 contains malicious .htaccess files. These files include directives that block the execution of certain scripts while allowing the execution of known malicious PHP files. If these .htaccess files are moved outside the plugin's directory, they can disrupt the normal functioning of the website.
How can this vulnerability impact me?
This vulnerability can impact you by allowing malicious PHP files to execute on your WordPress site, potentially leading to unauthorized actions or disruptions. Additionally, if the malicious .htaccess files are moved outside the plugin directory, they may interfere with the proper operation of your website, causing functionality issues.
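One way to look for the pattern described above is to flag any .htaccess file that denies script extensions in one section and allows individually named PHP files in another. This is an added example, not code from this page or from the plugin. The page does not quote the files, so the directive shapes are assumptions, and the sample and its file names are constructed placeholders.

```python
import re
from pathlib import Path

# <Files ...> / <FilesMatch ...> sections: (tag, pattern, body).
SECTION = re.compile(
    r"<(Files(?:Match)?)\s+\"?([^\">]+)\"?\s*>(.*?)</\1>", re.I | re.S)
# Apache 2.2 and 2.4 spellings of "deny everyone" / "allow everyone".
DENY = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)
ALLOW = re.compile(r"^\s*(allow\s+from\s+all|require\s+all\s+granted)\s*$", re.I | re.M)
# A concrete file name such as loader.php or loader\.php inside a pattern.
PHP_NAME = re.compile(r"[\w-]+\\?\.ph(?:p\d?|tml)", re.I)

def audit_htaccess(text):
    """Return PHP names allowlisted by a file that also blanket-denies scripts."""
    denies_scripts, allowed = False, []
    for _tag, pattern, body in SECTION.findall(text):
        names = [n.replace("\\", "") for n in PHP_NAME.findall(pattern)]
        if DENY.search(body) and not names and re.search(r"ph(p|tml)", pattern, re.I):
            denies_scripts = True      # extension-wide deny, no named file
        elif ALLOW.search(body) and names:
            allowed.extend(names)      # explicit exception for named files
    return sorted(set(allowed)) if denies_scripts else []

def scan_plugin_dir(root):
    """Map each matching .htaccess under root to the PHP names it allows."""
    findings = {}
    for path in Path(root).rglob(".htaccess"):
        names = audit_htaccess(path.read_text(errors="replace"))
        if names:
            findings[str(path)] = names
    return findings

# Constructed sample; the allowed file names are placeholders.
SAMPLE = """
<FilesMatch ".(py|exe|phtml|php|PHP|Php|suspected)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(index.php|placeholder-loader.php)$">
Order allow,deny
Allow from all
</FilesMatch>
"""
# Constructed benign hardening file: deny only, no exceptions.
BENIGN = '<FilesMatch "\\.php$">\nRequire all denied\n</FilesMatch>\n'

if __name__ == "__main__":
    print(audit_htaccess(SAMPLE))
```

A match is a lead for manual review, not a verdict: some legitimate hardening rules use the same deny-then-allow shape, so check whether each allowed PHP file belongs to the plugin's published release.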