PenTestIT RSS Feed
Good news guys! We now have the WordPress Exploit Framework v1.8 amongst us! This new version fixes API compatibility with a shell upload module, updates multiple dependencies, introduces multiple API changes and adds multiple new modules and payloads!
WordPress Exploit Framework
What is WPXF or WordPress Exploit Framework?
> WordPress Exploit Framework is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
Older versions than WordPress Exploit Framework v1.8 which I missed posting about, most importantly include a new method for executing tasks before storing a script using the StoredXSS mixin, among other module additions, such as the famous WP Statistics cross-site scripting vulnerabilities and the Arabic font cross-site request forgery/cross-site scripting shell upload. This open source framework is fast becoming one of my favourite tools for performing tests against WordPress installations.
You can follow the installation instructions mentioned in my first post that can be found here and upgrade to this latest WPXF version. If you are unable to do so, simply download wordpress-exploit-framework-1.8.zip or wordpress-exploit-framework-1.8.tar.gz from it's official download directory here.