Plesk Incorrect Access Control

CRITICAL (9.1) No Patch (1 days)
cwe-284pleskpostgresqlpsqlrcesecurity-vulnerabilityweb-server

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 8%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

Plesk is a web-based interface for managing servers and websites. It's widely used by hosting providers and small businesses to manage their server configurations, user accounts, and website settings. The vulnerability in Plesk allows attackers to gain root-level access to the server without needing any credentials.

Am I affected?

Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Products

Parallels / Plesk

How to fix

  1. Upgrade to Plesk version 19.0 or later.
  2. Immediate mitigations:
    • Restrict network access to your Plesk server (firewall it from the public internet)
    • Audit user account activity for suspicious access patterns
    • Monitor for unauthorized changes to system configuration

References