This is a critical security-related email from Parallels regarding a recent security update. Please read this message in its entirety and take the recommended actions to ensure that your installation of Parallels Plesk Panel is up-to-date and has all security fixes applied
. If you would like to receive regular notices from Parallels about security or other important product updates – please subscribe here
Parallels has issued an update for a critical security vulnerability in some older versions of Plesk. The affected versions can be found below. If you have already applied the recommended update or are already running an up-to-date version, your system does not have this vulnerability, and no further action is required.
Patches are available for:
Please read this Knowledge Base article for instructions on how to install these patches
Plesk 9.5 (up to 9.5.5)
113448 [Info] Remote Vulnerability in Plesk Panel
Instructions on how to check if you have been affected by this vulnerability can be found in this article:
113424 How to make sure your Plesk Panel 8.x, 9.x, 10.0, 10.1, 10.2, or 10.3 is not vulnerable
If you have already been affected by this vulnerability, it is recommended that after you apply the patches, you change all account passwords, including the password for "admin."
A utility that can enable you to do this quickly is available at:
113391 Plesk Mass Password Reset Script
Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.
It is important that you keep your Parallels Plesk Panel product up-to-date. Parallels strongly urges you to stay current on the latest version of Parallels Plesk Panel with Micro-Updates enabled so that the latest updates will be installed as soon as they are available.
The Plesk Panel Team
Please note that obsolete Plesk versions such as version 7.x or older versions are beyond end-of-life and do not receive security updates. If you are running one of these versions, you must upgrade to Plesk version 8, 9, or 10 in order to use the security fixes described above. If you have one of these obsolete versions and have an "owned’" or "purchased" license (that is, not a "lease" license), you must have an active Software Upgrade Service contract to complete this upgrade. Parallels has created a support channel specific to this Plesk security vulnerability. If you have questions that the Knowledge Base articles do not answer, please submit this form for answers.