Description
The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3 incorrectly sets default permissions for site members, allowing authenticated attackers to add and duplicate forms via the UI or the API.
Remediation
References
Related Vulnerabilities
WordPress Plugin UserPro-Community and User Profile Cross-Site Scripting (2.33)
Moodle Improper Access Control Vulnerability (CVE-2016-8642)
WordPress Plugin Ads Pro-Multi-Purpose WordPress Advertising Manager Multiple Vulnerabilities (3.4)
WordPress Plugin Soundy Background Music Cross-Site Scripting (3.1)