How to create new exploit

Wordpress Sploit Framework is easy to use for create an exploit.

In the "exploits" directory that is in the Wordpress Sploit Framework folder. In this directory, you can create new file.

For name the new file: if the vulnerable plugin is "WP Example" in version 1.0 and the vulnerability is an SQL Injection, you name the exploit WP_Example_1_0_SQL_Injection.

The exploit must respect a standard syntax:

[Base]
title=
description:
version=
author=
date=
type=

[Identifiers] (Optional)
EDB=
CVE=

[Exploitation]
method=
url=

[Parameters]
param1=
param2=

[Base]:
The [Base] section is used to present exploit.
title= The title for exploit
description: The description for exploit
version= The affected release (it's possible set version 1.0 or <1.0)
author= The name of the author of the exploit
date= Date of discovery
type= Type of exploit: sql/xss/csrf/download

[Identifiers]
The [Identifiers] section is optional. It references the identifiers associated with the exploit.
EDB= Exploit DataBase ID (Example: 36600) Optional parameter.
CVE= CVE ID (Example: CVE-2015-4697) Optional parameter.

[Exploitation]
The [Exploitation] section is used to HTTP informations.
method= HTTP Method get/post
url= The vulnerable URL to perform the exploitation. (Example: /wp-content/plugins/example-plugin/file.php)

[Parameters]
The [Parameters] section is used to list the parameters with value associated. For define the vulnerable key, you would define [PAYLOAD] value.
key1=value1
key2=value2
key3=[PAYLOAD]

Your exploit is created!