Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
OVRI Payment Plugin for WordPress Allows Malicious Files to Run
CVE-2024-10938
Summary
The OVRI Payment plugin for WordPress contains malicious .htaccess files that could allow attackers to execute malicious PHP files, potentially disrupting site functionality. Affected sites should update to a fixed version of the plugin or remove the malicious files. Removing the files manually may be necessary if the plugin cannot be updated.
Original title
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known...
Original description
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper function of a site.
nvd CVSS3.1
6.5
Vulnerability type
CWE-506
Embedded Malicious Code
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026