CVE-2023-3136: 
WordPress vulnerability analysis and mitigation

The MailArchiver WordPress plugin versions up to and including 2.10.1 contains a Stored Cross-Site Scripting vulnerability (CVE-2023-3136). The vulnerability was discovered in July 2023 and affects the email subject handling functionality of the plugin. This security issue stems from insufficient input sanitization and output escaping mechanisms (NVD).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 7.2 (High) according to Wordfence, while NVD assigns it a score of 6.1 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating that it can be exploited remotely without requiring privileges, though user interaction is needed (NVD).

When exploited, this vulnerability allows unauthenticated attackers to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page, potentially compromising user data and browser sessions (NVD).

Site administrators should immediately update their MailArchiver plugin to a version newer than 2.10.1. A patch has been released to address the vulnerability, which can be found in the WordPress plugin repository (WordPress Patch).