VYPR

Plesk

by Parallels

CVEs (4)

  • CVE-2025-66431HigDec 3, 2025
    risk 0.51cvss 7.8epss 0.00

    WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management."

  • CVE-2025-66430Dec 12, 2025
    risk 0.00cvss epss 0.00

    Plesk 18.0 has Incorrect Access Control.

  • CVE-2023-0829Sep 20, 2023
    risk 0.00cvss epss 0.01

    Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription.

  • CVE-2008-6984Aug 19, 2009
    risk 0.00cvss epss 0.01

    Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as…