CVE-2016-10956
published 2019-09-16CVE-2016-10956: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
PriorityP357high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
10.58%
95.2th percentile
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mail-masta_project | mail-masta | — | — |
Detection & IOCsextracted from sources · hover to see the quote
yara↗
rule CVE_2016_10956_LFI_response { strings: $passwd = /root:.*:0:0:/ condition: $passwd }- →Detect exploitation attempts by monitoring GET requests to the vulnerable LFI parameter `?pl=` on count_of_send.php or csvexport.php within the mail-masta plugin path. ↗
- →Responses containing the pattern `root:.*:0:0:` in the HTTP body indicate successful LFI exploitation and /etc/passwd file disclosure. ↗
- →Use the Google dork `inurl:"/wp-content/plugins/mail-masta"` to identify exposed WordPress instances running the vulnerable plugin. ↗
- →HTTP 200 or 500 response codes combined with LFI payload in the `pl` parameter are considered indicators of a successful or attempted exploit. ↗
- ·The LFI parameter is `pl` — both vulnerable scripts (count_of_send.php and csvexport.php) accept this parameter for file inclusion. Detection rules should target this specific parameter name. ↗
- ·The nuclei template uses `stop-at-first-match: true`, meaning only one of the two endpoints needs to be vulnerable for a positive detection — defenders should check both endpoints independently. ↗
- ·No authentication is required to exploit this vulnerability (PR:N, UI:N per CVSS), meaning unauthenticated HTTP GET requests are sufficient for exploitation. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
WordPress Mail Masta 1.0 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2016-10956 [HIGH] WordPress Mail Masta 1.0 - Local File Inclusion
WordPress Mail Masta 1.0 - Local File Inclusion
WordPress Mail Masta 1.0 is susceptible to local file inclusion in count_of_send.php and csvexport.php.
Template:
id: CVE-2016-10956
info:
name: WordPress Mail Masta 1.0 - Local File Inclusion
author: daffainfo,0x240x23elu
severity: high
description: WordPress Mail Masta 1.0 is susceptible to local file inclusion in count_of_send.php and csvexport.php.
impact: |
An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
remediation: |
Update WordPress Mail Masta to the latest version or apply the vendor-supplied patch to fix the local file inclusion vulnerability.
reference:
- https://cxsecurity.com/issue/WLB-2016080220
- https://wpvulndb.com/vuln
No writeups or analysis indexed.
2019-09-16
Published