Browse all 4 CVE security advisories affecting Plesk. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Plesk serves as a web hosting control panel enabling server management and website deployment. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or authentication flaws. The platform has faced security incidents, including a 2019 vulnerability (CVE-2019-6799) allowing unauthorized access to sensitive data. With four current CVEs, ongoing security concerns persist, particularly around default configurations and third-party component integration. Regular updates and hardening remain critical for secure deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-66431 | WebPros Plesk 安全漏洞 — PleskCWE-61 | 7.8 | High | 2025-12-03 |
| CVE-2023-0829 | Cross-Site Scripting (XSS) vulnerability in Plesk — PleskCWE-79 | 8.8 | High | 2023-09-20 |
This page lists every published CVE security advisory associated with Plesk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.