CVE-2024-10938

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L                                    

Vulnerability Description

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper function of a site.

Vulnerability Details

Published Date

February 27, 2026

Last Modified

February 27, 2026

CWE ID

CWE-506

Source

NVD

Vendor

moneytigo

Product

OVRI Payment

External References

https://plugins.trac.wordpress.org/browser/moneytigo/tags/1.7.0/.htaccess
https://plugins.trac.wordpress.org/browser/moneytigo/tags/1.7.0/assets/.htaccess
https://www.wordfence.com/threat-intel/vulnerabilities/id/2b45674c-8446-44eb-a45a-15dab02c89cf?source=cve

CVE-2024-10938

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment