We have just been notified that all Plesk versions from 12.x to 17.x contain a security vulnerability that allows an end user to read files belonging to the psaadm user. This makes it possible to gain access to the admin user and, for example, to run commands as the root user.
The vulnerability is due to be published by the vendor, Plesk, on 15 April.
Until then, all Plesk servers must be upgraded to the latest version. Updates were also provided for the old end-of-life 12.x versions.
How do I update my system?
Via SSH, for example, simply run the following command as root:
For Plesk 17.x:
plesk installer update
For Plesk 12.5:
plesk installer --select-release-current --reinstall-patch --upgrade-installed-components
For Plesk 12.0:
/usr/local/psa/admin/sbin/autoinstaller --select-product-id plesk --select-release-current --reinstall-patch --install-component panel
Alternatively, use the update function within Plesk itself. To do this, log in as admin and check for updates. It also makes sense to update the operating system at the same time and to enable the auto-update function.
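For anyone patching several servers, the version-specific commands above can be selected automatically. This is an added example, not part of the original notice or Plesk's own tooling; it assumes the installed version is the first field of /usr/local/psa/version, and the names plesk_update_cmd, main, VERSION_FILE and APPLY are made up for this sketch.

```shell
#!/bin/sh
# Added example: pick the update command listed on this page for the installed Plesk version.
# Assumption: the first field of VERSION_FILE is the version, e.g. "17.8.11 CentOS 7 ...".
VERSION_FILE="${VERSION_FILE:-/usr/local/psa/version}"

# Print the page's update command for a version string such as "12.5.30".
# Returns 1 when the version is malformed or the page lists no command for it.
plesk_update_cmd() {
    ver=$1
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric major version
    esac
    case "$major.$minor" in
        17.*) echo "plesk installer update" ;;
        12.5) echo "plesk installer --select-release-current --reinstall-patch --upgrade-installed-components" ;;
        12.0) echo "/usr/local/psa/admin/sbin/autoinstaller --select-product-id plesk --select-release-current --reinstall-patch --install-component panel" ;;
        *) return 1 ;;             # no command given on this page
    esac
}

# Dry run by default: only prints the command. Set APPLY=1 (as root) to execute it.
main() {
    [ -r "$VERSION_FILE" ] || { echo "no Plesk version file at $VERSION_FILE" >&2; return 2; }
    read -r ver _ < "$VERSION_FILE"
    cmd=$(plesk_update_cmd "$ver") || { echo "no update command listed for Plesk $ver" >&2; return 1; }
    echo "Plesk $ver: $cmd"
    if [ "${APPLY:-0}" = 1 ]; then
        $cmd
    fi
}

# Run only where a Plesk version file exists; otherwise do nothing.
[ ! -r "$VERSION_FILE" ] || main
```

Run it once without APPLY to confirm the detected version and the command, then again with APPLY=1 to perform the update.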