Browse all 16 CVE security advisories affecting WellChoose. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Wellchoose operates as an employee benefits platform, primarily serving organizations to manage health insurance and wellness programs. Historically, the application has been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, with 16 CVEs documented to date. Notable security characteristics include exposure of sensitive user data through improper access controls and insufficient input validation. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities across different components suggests ongoing challenges in secure development practices, potentially exposing both employee and organizational data to unauthorized access.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-10202 | Wellchoose Administrative Management System - OS Command Injection — Administrative Management SystemCWE-78 | 8.8 | High | 2024-10-21 |
| CVE-2024-10201 | Wellchoose Administrative Management System - Arbitrary File Upload — Administrative Management SystemCWE-434 | 8.8 | High | 2024-10-21 |
| CVE-2024-10200 | Wellchoose Administrative Management System - Arbitrary File Read through Path Traversal — Administrative Management SystemCWE-23 | 7.5 | High | 2024-10-21 |
This page lists every published CVE security advisory associated with WellChoose. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.