Article ID: 113457, created on Mar 14, 2012, last review on Aug 12, 2014

  • Applies to:
  • Plesk 10.3 for Linux/Unix
  • Plesk 10.2 for Linux/Unix
  • Plesk 10.1 for Linux/Unix
  • Plesk 10.0.x for Linux/Unix
  • Plesk 9.x for Linux/Unix
  • Plesk 8.x for Linux/Unix
  • Plesk 10.3 for Windows
  • Plesk 10.2 for Windows
  • Plesk 10.1 for Windows
  • Plesk 10.0.x for Windows
  • Plesk 9.x for Windows
  • Plesk 8.x for Windows

Dear Customer,

This is a critical security-related email from Parallels regarding a recent security update. Please read this message in its entirety and take the recommended actions to ensure that your installation of Parallels Plesk Panel is up-to-date and has all security fixes applied. If you would like to receive regular notices from Parallels about security or other important product updates – please subscribe here.
Parallels has issued an update for a critical security vulnerability in some older versions of Plesk. The affected versions can be found below. If you have already applied the recommended update or are already running an up-to-date version, your system does not have this vulnerability, and no further action is required.

Patches are available for:

  • Plesk 10.3
  • Plesk 10.2
  • Plesk 10.1
  • Plesk 10.0
  • Plesk 9.5 (up to 9.5.5)
  • Plesk 9.3
  • Plesk 9.2
  • Plesk 9.0
  • Plesk 8.6
  • Plesk 8.4
  • Plesk 8.3
  • Plesk 8.2
  • Plesk 8.1
Please read this Knowledge Base article for instructions on how to install these patches:

113448 [Info] Remote Vulnerability in Plesk Panel

Instructions on how to check if you have been affected by this vulnerability can be found in this article:

113424 How to make sure your Plesk Panel 8.x, 9.x, 10.0, 10.1, 10.2, or 10.3 is not vulnerable

If you have already been affected by this vulnerability, it is recommended that after you apply the patches, you change all account passwords, including the password for "admin."

A utility that can enable you to do this quickly is available at:

113391 Plesk Mass Password Reset Script


Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.
It is important that you keep your Parallels Plesk Panel product up-to-date. Parallels strongly urges you to stay current on the latest version of Parallels Plesk Panel with Micro-Updates enabled so that the latest updates will be installed as soon as they are available.
The Plesk Panel Team
Please note that obsolete Plesk versions such as version 7.x or older versions are beyond end-of-life and do not receive security updates. If you are running one of these versions, you must upgrade to Plesk version 8, 9, or 10 in order to use the security fixes described above. If you have one of these obsolete versions and have an "owned’" or "purchased" license (that is, not a "lease" license), you must have an active Software Upgrade Service contract to complete this upgrade. Parallels has created a support channel specific to this Plesk security vulnerability. If you have questions that the Knowledge Base articles do not answer, please submit this form for answers.

c45acecf540ecd42a4bbfb242ce02b1d a914db3fdc7a53ddcfd1b2db8f5a1b9c 85a92ca67f2200d36506862eaa6ed6b8 6ef0db7f1685482449634a455d77d3f4 29d1e90fd304f01e6420fbe60f66f838 9e077d0ffcd7a88f7d9f0646d5e70ec5 c796c01d6951fa24ed54c7f1111667c6 df2db7f3302fe384002b885ca84f1a2f f2d85fccc955a226f0b30e58456170cb b8ef5052d936e902043e41759118114e f4ce8084cb23619ef5fe9428ecc388ea dd0611b6086474193d9bf78e2b293040 d3c493291d6d9f66837ac7495dfea9ca 54579744b69fb80c0c96c212e7a96aa0 b21de1858ad3ec50d5613195a77434ab aac4a8fcd879de03758354e15495d69a def31538ba607bde27398f48ab5956be 56797cefb1efc9130f7c48a7d1db0f0c

Email subscription for changes to this article
Save as PDF