CVE-2024-10938: CWE-506 Embedded Malicious Code in moneytigo OVRI Payment
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper function of a site.
AI Analysis
Technical Summary
CVE-2024-10938 identifies a vulnerability in the OVRI Payment plugin for WordPress, specifically version 1.7.0, where malicious .htaccess files are embedded within the plugin package. These .htaccess files are crafted to prevent execution of certain legitimate scripts while allowing execution of malicious PHP files, effectively enabling attackers to run unauthorized code on the affected web server. The .htaccess files control Apache web server behavior and can manipulate access controls and script execution permissions. If these malicious .htaccess files are moved outside the plugin directory, they may interfere with the overall site functionality, potentially causing denial of service or enabling further malicious activity. The vulnerability is classified under CWE-506, which involves embedded malicious code. The CVSS 3.1 base score is 6.5, reflecting a medium severity with network attack vector, low attack complexity, no privileges required, no user interaction, and impacts on integrity and availability but not confidentiality. No patches or fixes have been published yet, and no known exploits are reported in the wild. The vulnerability could be exploited by attackers to disrupt payment processing or compromise site availability, posing risks to e-commerce operations relying on this plugin.
Potential Impact
The primary impact of this vulnerability is on the integrity and availability of websites using the OVRI Payment plugin version 1.7.0. Attackers exploiting the malicious .htaccess files can execute unauthorized PHP scripts, potentially disrupting payment processing workflows or causing site outages. This can lead to financial losses, reputational damage, and loss of customer trust for organizations relying on this plugin for online transactions. Since the vulnerability does not affect confidentiality directly, data breaches are less likely, but the ability to execute malicious code could be leveraged for further attacks. The disruption of payment services can have cascading effects on business operations, especially for e-commerce sites. The fact that no authentication or user interaction is required increases the risk of automated exploitation attempts. Organizations worldwide using this plugin version are at risk, particularly those with high transaction volumes or critical online services.
Mitigation Recommendations
Organizations should immediately audit their WordPress installations to identify the presence of the OVRI Payment plugin version 1.7.0. Since no official patch is currently available, the safest mitigation is to disable or uninstall the affected plugin until a secure version is released. Administrators should inspect their web server directories for suspicious .htaccess files, especially those outside the plugin directory, and remove any unauthorized files. Implementing strict file integrity monitoring can help detect unauthorized changes to .htaccess and PHP files. Web application firewalls (WAFs) can be configured to block requests attempting to exploit this vulnerability by filtering suspicious PHP file executions. Additionally, restricting write permissions on web server directories can prevent attackers from placing or moving malicious .htaccess files. Regular backups and incident response plans should be in place to recover quickly if exploitation occurs. Monitoring for unusual site behavior or errors related to .htaccess directives is also recommended.
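One way to carry out the .htaccess inspection recommended above, as an added example that is not part of the advisory or the plugin. The advisory does not quote the file contents, so the directive shapes matched here (a deny-all `FilesMatch` block for script extensions next to an allow-all block naming specific PHP files) and the placeholder file names in the sample are assumptions.

```python
import os
import re
import sys

# Heuristic (an assumption; the advisory does not quote the directives):
# one <FilesMatch> block denies access to PHP/script extensions while
# another grants access to explicitly named .php files.
BLOCK_RE = re.compile(r'<FilesMatch\s+"?([^">]+)"?\s*>(.*?)</FilesMatch>', re.I | re.S)
DENY_RE = re.compile(r"^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$", re.I | re.M)
ALLOW_RE = re.compile(r"^\s*(Allow\s+from\s+all|Require\s+all\s+granted)\s*$", re.I | re.M)
PHP_NAME_RE = re.compile(r"[\w-]+\\?\.php\d?\b", re.I)

# Constructed sample; the file names are placeholders, not indicators.
SAMPLE_SUSPICIOUS = """<FilesMatch ".(py|exe|php)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(placeholder-a.php|placeholder-b.php)$">
Order allow,deny
Allow from all
</FilesMatch>
"""

def classify_htaccess(text):
    """Return (denies_scripts, allowlisted_php_names) for one .htaccess body."""
    denies, allowed = False, []
    for pattern, body in BLOCK_RE.findall(text):
        if DENY_RE.search(body) and "php" in pattern.lower():
            denies = True
        elif ALLOW_RE.search(body):
            allowed += [n.replace("\\", "") for n in PHP_NAME_RE.findall(pattern)]
    return denies, allowed

def scan_tree(root):
    """Return [(relative_path, allowlisted_names)] for matching .htaccess files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        with open(path, encoding="utf-8", errors="replace") as fh:
            denies, allowed = classify_htaccess(fh.read())
        if denies and allowed:
            hits.append((os.path.relpath(path, root), allowed))
    return sorted(hits)

if __name__ == "__main__":
    for rel, names in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"REVIEW {rel}: allowlists {', '.join(names)}")
```

Run it against the WordPress document root; a deny-only .htaccess, such as the common hardening rule for upload directories, is not reported because it allowlists no named PHP file.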
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, India, Brazil, Japan
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2024-11-06T19:06:09.464Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69a166b732ffcdb8a2157de6
Added to database: 2/27/2026, 9:41:11 AM
Last enriched: 2/27/2026, 9:57:43 AM
Last updated: 4/13/2026, 2:48:09 PM