CVE-2020-36853
10WebMapBuilder <= 1.0.63 - Unauthenticated Stored Cross-Site Scripting via Plugin Settings ChangeThe 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and output escaping and a lack of capability checks. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 1,981 live websites that are affected by CVE-2020-36853.
Affected Software
| Product |  Wd Google Maps |
| Category | Wordpress Plugins |
| Vulnerable Domains | 1,981 live websites (100% of Wd Google Maps install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Oct 18, 2025
- Updated - Oct 20, 2025
Credits
- Mikey Veenstra (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2020-36853 United States | 415 websites |
 Germany | 239 websites |
 France | 160 websites |
 Italy | 118 websites |
 GB | 97 websites |
 Poland | 75 websites |
 Netherlands | 66 websites |
 Japan | 52 websites |
 Switzerland | 47 websites |
 Brazil | 40 websites |
Website Distribution by TLD
Number of websites using CVE-2020-36853| .com | 689 websites |
| .de | 131 websites |
| .it | 84 websites |
| .fr | 80 websites |
| .org | 74 websites |
| .co.uk | 56 websites |
| .nl | 56 websites |
| .pl | 55 websites |
| .ch | 44 websites |
| .net | 43 websites |
Websites affected by CVE-2020-36853
Top websites that are affected by CVE-2020-36853. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **************.app | Germany | **,*** | |
| ****.*****.edu | United States | ***,*** | |
| ***.***.uk | United States | ***,*** | |
| ****.org | United States | ***,*** | |
| ****************.***.uk | United States | ***,*** | |
| ********.com |  Russia | ***,*** | |
| ******.de | Germany | ***,*** | |
| *********.fr | Russia | ***,*** | |
| ********.com | United States | ***,*** | |
| ********.com | Japan | ***,*** |
FAQ
CVE-2020-36853 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Wd Google Maps
A total of 1,981 websites have been identified as vulnerable to CVE-2020-36853, based on global website indexing conducted by WebTechSurvey.
The Wd Google Maps is affected by the CVE-2020-36853 vulnerability.
Wd Google Maps versions up to 1.0.64 are vulnerable to CVE-2020-36853.
CVE-2020-36853 is resolved in version 1.0.64 of Wd Google Maps.