1) Create a new template on https://vulnerable-site.tld/wp-admin/admin.php?page=e2pdf-templates.

In the popup, select "Empty PDF.". In the "Title" input field, inject the following JavaScript payload:

<script>alert("Tested by iduzzel");</script>

Click the "Save" button to save the template.

2) Return to the templates listing, and click on the "Backup" option for the template you created.

The popup will appear at the following URL, indicating the vulnerable page:
http://vulnerable-site.tld/wp-admin/admin.php?page=e2pdf-templates&action=backup&id=6 (or id=1 for the first attempt).

Other pages are affected as well, including:
- https://vulnerable-site.tld/wp-admin/admin.php?page=e2pdf
- https://vulnerable-site.tld/wp-admin/admin.php?page=e2pdf&action=bulk