What is WPXF?
WPXF or WordPress Exploit Framework is an open source penetration tool coded in Ruby that helps you perform penetration tests of websites powered by WordPress. It helps you fingerprint WordPress installations and plugins along with functionality to login, post content or gather information about users. Just like the Metasploit framework, it has auxiliary and exploit modules. Auxiliary modules allow you to perform activities such as exfiltrating information from the target, escalate privileges or provide denial of service functionality. Likewise, exploit modules require you to specify a payload which gets executed on the target machine, allowing you to run arbitrary code, establish a remote shell, etc. under the purview of the web application account owner.