What is CVE-2024-10938?

CVE-2024-10938 is a medium severity vulnerability in the OVRI Payment plugin for WordPress, specifically in version 1.7.0. It involves malicious .htaccess files that prevent the execution of legitimate scripts while allowing known malicious PHP files.

How does this vulnerability work?

The vulnerability works by embedding malicious directives in .htaccess files within the plugin. These directives block legitimate script execution while permitting harmful PHP files, potentially disrupting site functionality if the files are moved outside the plugin’s directory.

Who is affected by this vulnerability?

Any WordPress site using the OVRI Payment plugin version 1.7.0 is affected. Administrators should check their installed plugins to determine if they are running this specific version.

How can I check if my site is vulnerable?

To check if your site is vulnerable, log in to your WordPress admin dashboard, navigate to the Plugins section, and look for the OVRI Payment plugin. Verify that the version is 1.7.0.

What should I do if I find the vulnerable version?

If you find that your site is using the vulnerable version, you should immediately remove the plugin or update it to a secure version if available. Additionally, check for any .htaccess files that may have been affected.

What does a CVSS score of 6.5 indicate?

A CVSS score of 6.5 indicates a medium severity level, meaning the vulnerability poses a moderate risk. It requires low complexity to exploit and does not need special privileges or user interaction, which could lead to integrity and availability issues.

What are the risks associated with this vulnerability?

The risks include disruption of normal site functionality and the potential execution of unauthorized PHP scripts. This can lead to loss of data integrity and availability, affecting the overall security of the website.

How can I mitigate this vulnerability?

To mitigate this vulnerability, remove the OVRI Payment plugin version 1.7.0 from your site immediately. Monitor your site for any unauthorized changes and ensure that your WordPress installation and all plugins are kept up to date.

What is the proof of concept for this vulnerability?

The proof of concept for CVE-2024-10938 involves demonstrating how the malicious .htaccess directives can block legitimate scripts while allowing harmful PHP files to execute. This can be tested by analyzing the .htaccess files included with the plugin.

Will there be a fix for this vulnerability?

A fix will require the plugin author to release a clean version of the OVRI Payment plugin that removes the malicious .htaccess files. Keep an eye on the plugin’s official page for updates and patches.

What should I do if I have already moved the .htaccess files?

If you have moved the .htaccess files, revert them to their original location within the plugin directory or remove them entirely. Review your website for any signs of unauthorized script execution or other security issues.

How can I stay informed about vulnerabilities like this?

To stay informed about vulnerabilities, regularly check security advisories from sources like the National Vulnerability Database, WordPress security blogs, and follow updates from plugin developers.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : March 18, 2026

CVE-2024-10938: OVRI Payment 1.7.0 – Malicious .htaccess directive (moneytigo)

CVE ID CVE-2024-10938

Plugin moneytigo

Severity Medium (CVSS 6.5)

CWE 506

Vulnerable Version 1.7.0

Patched Version —

Disclosed February 25, 2026

Analysis Overview

Atomic Edge analysis of CVE-2024-10938 (metadata-based):
This vulnerability is an instance of embedded malicious code (CWE-506). The OVRI Payment plugin version 1.7.0 contained one or more .htaccess files with malicious directives. These directives are designed to block the execution of legitimate scripts while explicitly allowing the execution of known malicious PHP files. The vulnerability description indicates the files are within the plugin’s directory. The risk arises if these files are moved to a higher-level directory, such as the site root, where they could affect the entire website’s behavior. The root cause is the intentional inclusion of harmful configuration files within the plugin’s distribution package. The exploitation method does not involve a remote attacker triggering a flaw. Instead, exploitation is contingent on the site administrator or a separate vulnerability moving the malicious .htaccess file. The impact is the disruption of normal site function and the potential execution of unauthorized PHP scripts, leading to integrity and availability loss. A fix requires the plugin author to release a clean version that removes the malicious files. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) confirms network accessibility, low attack complexity, no privileges required, no user interaction, and impacts integrity and availability.

Frequently Asked Questions

What is CVE-2024-10938?
Overview of the vulnerability
CVE-2024-10938 is a medium severity vulnerability in the OVRI Payment plugin for WordPress, specifically in version 1.7.0. It involves malicious .htaccess files that prevent the execution of legitimate scripts while allowing known malicious PHP files.
How does this vulnerability work?
Mechanism of exploitation
The vulnerability works by embedding malicious directives in .htaccess files within the plugin. These directives block legitimate script execution while permitting harmful PHP files, potentially disrupting site functionality if the files are moved outside the plugin’s directory.
Who is affected by this vulnerability?
Identifying vulnerable installations
Any WordPress site using the OVRI Payment plugin version 1.7.0 is affected. Administrators should check their installed plugins to determine if they are running this specific version.
How can I check if my site is vulnerable?
Steps to verify plugin version
To check if your site is vulnerable, log in to your WordPress admin dashboard, navigate to the Plugins section, and look for the OVRI Payment plugin. Verify that the version is 1.7.0.
What should I do if I find the vulnerable version?
Immediate actions to take
If you find that your site is using the vulnerable version, you should immediately remove the plugin or update it to a secure version if available. Additionally, check for any .htaccess files that may have been affected.
What does a CVSS score of 6.5 indicate?
Understanding the severity rating
A CVSS score of 6.5 indicates a medium severity level, meaning the vulnerability poses a moderate risk. It requires low complexity to exploit and does not need special privileges or user interaction, which could lead to integrity and availability issues.
What are the risks associated with this vulnerability?
Potential impacts on the website
The risks include disruption of normal site functionality and the potential execution of unauthorized PHP scripts. This can lead to loss of data integrity and availability, affecting the overall security of the website.
How can I mitigate this vulnerability?
Preventive measures to take
To mitigate this vulnerability, remove the OVRI Payment plugin version 1.7.0 from your site immediately. Monitor your site for any unauthorized changes and ensure that your WordPress installation and all plugins are kept up to date.
What is the proof of concept for this vulnerability?
Demonstrating the issue
The proof of concept for CVE-2024-10938 involves demonstrating how the malicious .htaccess directives can block legitimate scripts while allowing harmful PHP files to execute. This can be tested by analyzing the .htaccess files included with the plugin.
Will there be a fix for this vulnerability?
Future updates from the plugin author
A fix will require the plugin author to release a clean version of the OVRI Payment plugin that removes the malicious .htaccess files. Keep an eye on the plugin’s official page for updates and patches.
What should I do if I have already moved the .htaccess files?
Steps to rectify the situation
If you have moved the .htaccess files, revert them to their original location within the plugin directory or remove them entirely. Review your website for any signs of unauthorized script execution or other security issues.
How can I stay informed about vulnerabilities like this?
Resources for ongoing security updates
To stay informed about vulnerabilities, regularly check security advisories from sources like the National Vulnerability Database, WordPress security blogs, and follow updates from plugin developers.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations