Below is the quick fix for the Plesk-Horde vulnerability.
Manually apply a patch to the Horde Permission’s User Interface code to
“remove” the “All Authenticated Users” option from the HTML form:
A quick fix to hide this setting in the UI code is to add HTML comments
(“<! –” … “–>”) around the “All Authenticated Users” options in the
HTML form. Basically, it is to add “<! –” at line 63 and “–>” at
(original) line 81 in /usr/share/psa-horde/templates/shares/edit.inc