cleantalk
Vulnerabilities and Security Researches

OVRI Payment, CVE-2024-10938

CVE, Research URL

CVE-2024-10938

Home page URL

Security reports for OVRI Payment

Application

OVRI Payment

Published on
Feb 27, 2026
Research Description
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper function of a site.
Affected versions
max 1.7.0.
Status
vulnerable
Previous vulnerability researches
Social Photo Gallery (CVE-2019-14467) , Jun 06, 2024
New vulnerability
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes (CVE-2026-32539) , Mar 30, 2026
Kargo Takip (CVE-2026-25365) , Mar 30, 2026
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) (CVE-2026-32429) , Mar 30, 2026
Pochipp (CVE-2026-32417) , Mar 30, 2026
Contact Manager (CVE-2026-32517) , Mar 30, 2026