Moin,
dovecot has released 2.3.13 to fix e.g. NVD - CVE-2020-24386.
plesk-dovecot is still 2.3.7.2-debian9.0.20032110.
"leading to access to other users' email messages" is especially relevant in a shared hosting environment, which many plesk users are reselling.
When can we expect an update...