Vulnerabilities (CVE)

Filtered by vendor Plesk Subscribe
Filtered by product Plesk
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-45008 1 Plesk 1 Plesk 2024-11-21 6.5 MEDIUM 8.8 HIGH
Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege Escalation from user to admin rights. OTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users
CVE-2021-45007 1 Plesk 1 Plesk 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users
CVE-2023-4931 1 Plesk 1 Plesk 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files.
CVE-2023-0829 1 Plesk 1 Plesk 2024-02-28 N/A 9.0 CRITICAL
Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription.