A critical security vulnerability has been identified in the MailArchiver plugin for WordPress, raising serious concerns over WordPress security and the potential for malware attacks. Discovered and responsibly reported by Alex Thomas, this vulnerability allows malicious attackers to execute arbitrary code on the affected system, posing significant risks to the confidentiality, integrity, and availability of websites.

The vulnerability stems from a cross-site scripting (XSS) flaw in the MailArchiver plugin, enabling attackers to inject malicious scripts into web pages. When victims view the compromised pages, the injected scripts execute, granting attackers control over the affected system.

Exploiting the vulnerability involves sending a specially crafted email to a user with the MailArchiver plugin installed. If the user opens the email, the malicious script triggers, granting attackers full control over the compromised system.


The severity of this vulnerability is classified as critical, with a CVSS 3.1 score of 9.8. This high score indicates its susceptibility to exploitation and the significant impact it can have on website security.

Affected Versions:

The vulnerability affects all versions of the MailArchiver plugin released before version 7.2. Websites running older versions are at risk and should prioritize updating immediately.


Exploiting this vulnerability grants attackers complete control over the affected system, presenting a range of potential consequences, including:

  1. Unauthorized access and theft of sensitive data.
  2. Installation of malware, compromising website integrity.
  3. Disruption of system operations, leading to potential downtime.


To safeguard website security and protect against potential malware threats, users of the MailArchiver plugin must take swift action. Updating to version 7.2 or higher is critical, as it contains the essential fix to address the XSS vulnerability and reinforce overall plugin security.

In the ever-evolving landscape of WordPress security, staying proactive in updating plugins and adopting best security practices is essential. Promptly addressing vulnerabilities like this XSS flaw in the MailArchiver plugin helps ensure a secure WordPress environment, shielding websites from unauthorized access and potential malicious attacks.

Remember, WordPress security is a shared responsibility, and taking immediate action to update vulnerable plugins is crucial in safeguarding websites and preserving user trust. Act now to protect your WordPress site from potential harm and maintain a secure online presence.