← Back

Plesk

plesk

Vendor: Plesk • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-66430
1Plesk
1Plesk
Jan 6, 2026
Dec 12, 2025
N/A· v4
9.1 CRITICAL· v3
N/A· v2
Plesk 18.0 has Incorrect Access Control.
CVE-2023-4931
1Plesk
1Plesk
Nov 21, 2024
Nov 27, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, re...Show more
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files.Show less
CVE-2023-0829
1Plesk
1Plesk
Nov 21, 2024
Sep 20, 2023
N/A· v4
9.0 CRITICAL· v3
N/A· v2
Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain...Show more
Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription.Show less
CVE-2021-45008
1Plesk
1Plesk
Nov 21, 2024
Feb 21, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege Escalation from user to admin rights. OTE: the vendor states that this is only a site-specific problem on websites of one or mo...Show more
Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege Escalation from user to admin rights. OTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk usersShow less
CVE-2021-45007
1Plesk
1Plesk
Nov 21, 2024
Feb 20, 2022
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on webs...Show more
Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk usersShow less