PHP shell script was uploaded under home directory of subscription.
How to prevent filesystem browsing with php shell scripts?
You can disable
shell_exec and other functions in PHP by using the
Login to Plesk and check PHP settings:
Plesk > Domains > Example.com > Website Scripting and Security > PHP settings
Add the following line under Additional configuration directives
Check PHP documentation if you need more disabled functions.