MailArchiver Security & Risk Analysis

wordpress.org/plugins/mailarchiver

Automatically archive all emails sent from your site. Store them in your WordPress database or send them to external services.

100 active installs · v4.5.1 · PHP 8.1+ · WP 6.2+ · Updated Feb 20, 2026
Tags: archive, email, email-log, log, mail
95
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Mar 6, 2026
Safety Verdict

Is MailArchiver Safe to Use in 2026?

Generally Safe

Score 95/100

MailArchiver has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Mar 6, 2026 · Updated 1mo ago
Risk Assessment

The MailArchiver plugin v4.5.1 exhibits a mixed security posture. It demonstrates some good practices, such as a high percentage of prepared statements for SQL queries and a good number of nonce and capability checks, but there are significant areas of concern. The presence of an unprotected AJAX handler creates a direct attack vector for unauthenticated users, posing a considerable risk. Furthermore, `unserialize` is a known dangerous function that can lead to remote code execution unless it is handled with extreme caution and input validation, and the analysis does not explicitly identify such handling as a strength. The plugin's vulnerability history, with 3 known CVEs including one high-severity SQL injection and two medium-severity vulnerabilities (XSS and SQL injection), suggests a pattern of past security weaknesses. All historical vulnerabilities are listed as patched, which is positive, but the types of past vulnerabilities align with potential risks identified in the static analysis, such as SQL queries and output handling.

Key Concerns

  • Unprotected AJAX handler
  • Use of unserialize function
  • High severity historical CVEs
  • Medium severity historical CVEs
  • Less than 70% output escaping
Vulnerabilities
3

MailArchiver Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2026: 2 CVEs

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2026-2721 · medium · 4.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MailArchiver <= 4.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings

Mar 6, 2026 Patched in 4.5.0 (1d)
CVE-2026-2831 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

MailArchiver <= 4.5.0 - Authenticated (Administrator+) SQL Injection via 'logid' Parameter

Feb 26, 2026 Patched in 4.5.1 (1d)
CVE-2023-3136 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MailArchiver <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject

Jul 12, 2023 Patched in 2.11.0 (195d)
Code Analysis
Analyzed Mar 16, 2026

MailArchiver Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 4 (19 prepared)
  • Unescaped Output: 53 (59 escaped)
  • Nonce Checks: 11
  • Capability Checks: 2
  • File Operations: 9
  • External Requests: 7
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · `$values = unserialize( parent::format( $record ) );` · includes\formatters\class-newlineformatter.php:40
  • unserialize · `$a = unserialize( $this->format( $record ) );` · includes\formatters\class-wordpressformatter.php:113
  • unserialize · `$messages = unserialize( $record['formatted'] );` · includes\handlers\class-wordpresshandler.php:81

Bundled Libraries

Guzzle

SQL Query Safety

83% prepared · 23 total queries

Output Escaping

53% escaped · 112 total outputs
Attack Surface
1 unprotected

MailArchiver Attack Surface

Entry Points: 6
Unprotected: 1

AJAX Handlers 2

auth · wp_ajax_hide_mailarchiver_nag · includes\plugin\class-core.php:107
auth · wp_ajax_poo_switch_autoupdate · perfopsone\functions.php:32

Shortcodes 4

[mailarchiver-wpcli] includes\features\class-wpcli.php:991
[mailarchiver-changelog] includes\plugin\class-core.php:79
[mailarchiver-libraries] includes\plugin\class-core.php:80
[mailarchiver-statistics] includes\plugin\class-core.php:81

WordPress Hooks 43

filter · screen_settings · admin\class-mailarchiver-admin.php:134
filter · init_perfopsone_admin_menus · admin\class-mailarchiver-admin.php:217
action · shutdown · includes\handlers\class-abstractbufferedhttphandler.php:149
action · shutdown · includes\handlers\class-abstractbufferedmailhandler.php:111
action · shutdown · includes\handlers\class-abstractfilehandler.php:94
filter · wp_mail · includes\listeners\class-corelistener.php:101
action · wp_mail_failed · includes\listeners\class-corelistener.php:102
action · phpmailer_init · includes\listeners\class-corelistener.php:103
filter · pre_wp_mail · includes\listeners\class-corelistener.php:105
filter · post_smtp_do_send_email · includes\listeners\class-corelistener.php:106
action · wp_mail_smtp_mailcatcher_send_after · includes\listeners\class-wpmslistener.php:63
filter · perfopsone_plugin_info · includes\plugin\class-core.php:72
action · init · includes\plugin\class-core.php:73
action · init · includes\plugin\class-core.php:74
action · plugins_loaded · includes\plugin\class-core.php:75
action · plugins_loaded · includes\plugin\class-core.php:76
action · wp_head · includes\plugin\class-core.php:77
action · shutdown · includes\plugin\class-core.php:78
action · admin_enqueue_scripts · includes\plugin\class-core.php:98
action · admin_enqueue_scripts · includes\plugin\class-core.php:99
action · admin_menu · includes\plugin\class-core.php:100
action · admin_menu · includes\plugin\class-core.php:101
action · admin_menu · includes\plugin\class-core.php:102
action · admin_init · includes\plugin\class-core.php:103
filter · plugin_row_meta · includes\plugin\class-core.php:105
action · admin_notices · includes\plugin\class-core.php:106
filter · myblogs_blog_actions · includes\plugin\class-core.php:108
filter · manage_sites_action_links · includes\plugin\class-core.php:109
action · wp_enqueue_scripts · includes\plugin\class-core.php:120
action · wp_enqueue_scripts · includes\plugin\class-core.php:121
filter · plugins_api · includes\plugin\class-updater.php:67
filter · site_transient_update_plugins · includes\plugin\class-updater.php:68
action · upgrader_process_complete · includes\plugin\class-updater.php:69
filter · clean_url · includes\plugin\class-updater.php:70
filter · perfopsone_apcu_info · includes\system\class-apcu.php:51
filter · site_status_tests · includes\system\class-sitehealth.php:78
filter · site_status_tests · includes\system\class-sitehealth.php:79
filter · site_status_tests · includes\system\class-sitehealth.php:80
filter · site_status_tests · includes\system\class-sitehealth.php:82
filter · debug_information · includes\system\class-sitehealth.php:92
filter · debug_information · includes\system\class-sitehealth.php:93
filter · debug_information · includes\system\class-sitehealth.php:111
action · admin_bar_menu · perfopsone\class-adminbar.php:54
Maintenance & Trust

MailArchiver Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 20, 2026
  • PHP min version: 8.1
  • Downloads: 11K

Community Trust

  • Rating: 100/100
  • Number of ratings: 3
  • Active installs: 100
Developer Profile

MailArchiver Developer Profile

Pierre Lannoy

12 plugins · 15K total installs

  • Trust score: 87
  • Avg Security Score: 99/100
  • Avg Patch Time: 65 days
Detection Fingerprints

How We Detect MailArchiver

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/mailarchiver/dist/css/mailarchiver.css
  • /wp-content/plugins/mailarchiver/dist/js/mailarchiver.js
Script Paths
  • /wp-content/plugins/mailarchiver/dist/js/mailarchiver.js
Version Parameters
  • mailarchiver.css?ver=
  • mailarchiver.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • mailarchiver-about-logo
HTML Comments
  • <!-- BEGIN wp:mailarchiver/archive-email -->
  • <!-- END wp:mailarchiver/archive-email -->
  • <!-- BEGIN wp:mailarchiver/changelog -->
  • <!-- END wp:mailarchiver/changelog -->
  • +2 more
Data Attributes
  • data-i18n-id
JS Globals
  • MAILARCHIVER_ASSETS_ID
  • MAILARCHIVER_PRODUCT_NAME
  • MAILARCHIVER_VERSION
  • MAILARCHIVER_SLUG
  • MAILARCHIVER_MAX_SHUTDOWN_PRIORITY
REST Endpoints
  • /wp-json/mailarchiver/v1/settings
  • /wp-json/mailarchiver/v1/listeners
Shortcode Output
  • [mailarchiver-libraries]
  • [mailarchiver-changelog]