As I see it, this is an engine exploit that somebody is using to run commands on plugins. I don't see it as a Mani exploit alone. It works on my HL2DM plugin as well without mani installed.
That being said, maybe the way commands are processed does need updating to make sure engine exploits aren't used to get to plugins.