CVE-2016-10956

HIGH NUCLEI

mail-masta 1.0 - Local File Inclusion in count_of_send.php and csvexport.php

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2016-10956. PoCs published by p0dalirius, Hackhoven. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2016-10956, which is a local file read vulnerability in the Mail Masta WordPress plugin. The exploit leverages a path traversal flaw in `count_of_send.php` to read arbitrary files from the server.

Description

The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.

Exploits (3)

nomisec WORKING POC 20 stars

by p0dalirius · poc

https://github.com/p0dalirius/CVE-2016-10956-mail-masta

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2016-10956, which is a local file read vulnerability in the Mail Masta WordPress plugin. The exploit leverages a path traversal flaw in `count_of_send.php` to read arbitrary files from the server.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Mail Masta WordPress plugin 1.0

No auth needed

Prerequisites: Target must have the vulnerable Mail Masta plugin installed

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 1 stars

by Hackhoven · poc

https://github.com/Hackhoven/wp-mail-masta-exploit

View Code ZIP pw:eip

This repository contains a functional Python script that exploits CVE-2016-10956, a Local File Inclusion (LFI) vulnerability in WordPress Plugin Mail Masta 1.0, to extract MySQL credentials from wp-config.php. The exploit uses both direct file inclusion and base64 encoding techniques to bypass restrictions.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin Mail Masta 1.0

No auth needed

Prerequisites: Target must have WordPress Plugin Mail Masta 1.0 installed · Target must be accessible via HTTP/HTTPS

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/p0dalirius/cve-2016-10956_mail_masta

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2016-10956, a local file read vulnerability in the Mail Masta WordPress plugin. The exploit leverages a path traversal flaw in `count_of_send.php` to read arbitrary files from the target system via base64-encoded responses.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Mail Masta WordPress plugin 1.0

No auth needed

Prerequisites: Target must have the vulnerable Mail Masta plugin installed

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 23, 2026 Full analysis →

Nuclei Templates (1)

WordPress Mail Masta 1.0 - Local File Inclusion

HIGHby daffainfo,0x240x23elu

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_misc

https://wpvulndb.com/vulnerabilities/8609

Product x_refsource_misc

https://wordpress.org/plugins/mail-masta/#developers

Exploit, Third Party Advisory x_refsource_misc

https://cxsecurity.com/issue/WLB-2016080220

Scores

CVSS v3 7.5

EPSS 0.9105

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-20

Status published

Products (1)

mail-masta_project/mail-masta 1.0

Published Sep 16, 2019

Tracked Since Feb 18, 2026