
Description

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper function of a site.

PUBLISHED Reserved 2024-11-06 | Published 2026-02-27 | Updated 2026-02-27 | Assigner Wordfence




MEDIUM: 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Problem types

CWE-506 Embedded Malicious Code

Product status

Default status: unaffected

1.7.0: affected

Timeline

2026-02-26: Disclosed

Credits

Marco Wotschka (finder)

References

www.wordfence.com/...-8446-44eb-a45a-15dab02c89cf?source=cve

plugins.trac.wordpress.org/...moneytigo/tags/1.7.0/.htaccess

plugins.trac.wordpress.org/...go/tags/1.7.0/assets/.htaccess

cve.org (CVE-2024-10938)

nvd.nist.gov (CVE-2024-10938)
