A long time ago we fixed a critical vulnerability in Plesk (internal ID: PFSI-62427). Now the full details of this vulnerability are going to be disclosed publicly.
All supported versions of Plesk are fixed. If you are using one of them, then there is no impact for you.
In case your instance is vulnerable, an unauthenticated attacker (for outdated Plesk 18.x) or a malicious subscription owner (for outdated Plesk 17.x and older) can fully compromise the server.