EIP-2026-113877

PRE-CVE

WordPress Plugin Mail Masta 1.0 - Local File Inclusion (2)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113877. PoCs published by Matheus Alexandre.

AI-analyzed exploit summary This Python script exploits a Local File Inclusion (LFI) vulnerability in WordPress Plugin Mail Masta 1.0 by sending crafted requests to read arbitrary files from the server. It includes functionality to check target availability, verify vulnerability, and fuzz for files using a wordlist.

Description

WordPress Plugin Mail Masta 1.0 - Local File Inclusion (2)

Exploits (1)

exploitdb WORKING POC

by Matheus Alexandre · pythonwebappsphp

https://www.exploit-db.com/exploits/50226

View Code ZIP pw:eip

This Python script exploits a Local File Inclusion (LFI) vulnerability in WordPress Plugin Mail Masta 1.0 by sending crafted requests to read arbitrary files from the server. It includes functionality to check target availability, verify vulnerability, and fuzz for files using a wordlist.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin Mail Masta 1.0

No auth needed

Prerequisites: Target running WordPress with Mail Masta 1.0 plugin · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026