Malicious File Vulnerability in OVRI Payment Plugin for WordPress
CVE-2024-10938

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Ovri Payment
Vendor: CVE Published:; 27 February 2026

What is CVE-2024-10938?

The OVRI Payment plugin for WordPress suffers from a security flaw due to the presence of malicious .htaccess files in version 1.7.0. These files are designed to block the execution of certain scripts while enabling the execution of known compromised PHP files. If these .htaccess files are moved outside of the plugin's directory, they pose a risk to the overall functionality and security of the WordPress site, potentially leading to the security compromise of the affected system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OVRI Payment 1.7.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/moneytigo/tags...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2026
Vulnerability Reserved
Nov 6, 2024

Credit

Marco Wotschka

JSON

WordPress

What is CVE-2024-10938?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.