Vulnerabilities have recently appeared in the Plesk API. They are SQL injection vulnerabilities and have been a constant worry for more than one administrator.
Details are available at the following link: http://kb.parallels.com/en/113321
The latest microupdates for versions 9.5.4 and 10.3.1 fixed these vulnerabilities.
But those who chose to upgrade to 10.3.1 or 10.4.4 have ended up in another mess. These versions of the Plesk panel have another bug which, though no worse than the previous one, is quite important.
The problem has to do with PHP: changes made to the main PHP configuration file (usually /etc/php.ini) are not taken into account. For example, to disable safe_mode for all domains (safe_mode = Off), we edit /etc/php.ini and restart the web service so that the change takes effect, only to find that it has not.
The only thing you can do is manually edit the php.ini file of each domain that needs it, which is a bit sloppy but works.
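To see which domains still need that manual edit, the per-domain files can be audited for the directive. The script below is an added example, not Plesk or Parallels code: the function names are hypothetical, the per-domain php.ini paths are passed as arguments because the page does not give them, and a file that does not set the directive is reported too, on the assumption that the main file's value will not reach it.

```sh
#!/bin/sh
# Added example: report per-domain php.ini files whose value for a directive
# differs from the one intended in the main php.ini.

# ini_value FILE DIRECTIVE: print the last uncommented value assigned to
# DIRECTIVE (lowercased, quotes and blanks trimmed), or "unset" if absent.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }                    # whole-line comment
        {
            line = $0
            sub(/[ \t]*;.*$/, "", line)           # trailing comment
            n = index(line, "=")
            if (n == 0) next                      # section header or blank line
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]/, "", k)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)
            if (k == key) { val = tolower(v); found = 1 }
        }
        END { print (found ? val : "unset") }
    ' "$1"
}

# normalise VALUE: map the boolean spellings php.ini accepts to on/off.
normalise() {
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        1|on|true|yes)          echo on ;;
        0|off|false|no|none|'') echo off ;;
        *)                      printf '%s\n' "$1" ;;
    esac
}

# audit_directive DIRECTIVE WANTED FILE...: print one line per file whose
# value differs from WANTED, including files that do not set it at all.
audit_directive() {
    directive=$1; wanted=$(normalise "$2"); shift 2
    for f in "$@"; do
        [ -f "$f" ] || continue
        got=$(ini_value "$f" "$directive")
        [ "$(normalise "$got")" = "$wanted" ] ||
            printf '%s\t%s=%s\n' "$f" "$directive" "$got"
    done
}

# Usage: sh audit.sh safe_mode Off <per-domain php.ini files...>
if [ $# -ge 3 ]; then audit_directive "$@"; fi
```

Every file it lists is a domain where the workaround has not yet been applied.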
For now Parallels has provided no solution, nor indicated when it will. For a product that requires a paid license, this is taking too long.
We do not usually defend any software so staunchly, since none is free of bugs, but there are other panels, such as ispCP, which are free and for which no vulnerabilities inherent to the panel have been published so far. The vulnerabilities that have appeared in the software that runs underneath the panel, such as the web server, the kernel, …, are another matter.