CVE-2024-10938

MEDIUM

OVRI Payment 1.7.0 - Malicious File Execution

Title source: llm

Description

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper function of a site.

References (3)

[Product] https://plugins.trac.wordpress.org/browser/moneytigo/tags/1.7.0/.htaccess

[Product] https://plugins.trac.wordpress.org/browser/moneytigo/tags/1.7.0/assets/.htaccess

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/2b45674c-8446-44eb-a45a-15dab02c89cf?source=cve

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 19.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Classification

CWE

CWE-506

Status draft

Timeline

Published Feb 27, 2026

Tracked Since Feb 27, 2026