Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Wellchoose — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting Wellchoose. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wellchoose operates as an employee benefits platform, primarily serving organizations to manage health insurance and wellness programs. Historically, the application has been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, with 16 CVEs documented to date. Notable security characteristics include exposure of sensitive user data through improper access controls and insufficient input validation. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities across different components suggests ongoing challenges in secure development practices, potentially exposing both employee and organizational data to unauthorized access.

Top products by Wellchoose: Organization Portal System Administrative Management System Single Sign-On Portal System IFTOP BatchSignCS
CVE IDTitleCVSSSeverityPublished
CVE-2026-3826 WellChoose|IFTOP - Local File Inclusion — IFTOPCWE-98 9.8 Critical2026-03-11
CVE-2026-3825 WellChoose|IFTOP - Reflected Cross-site Scripting — IFTOPCWE-79 6.1 Medium2026-03-11
CVE-2026-3824 WellChoose|IFTOP - Open redirect — IFTOPCWE-601 6.1 Medium2026-03-11
CVE-2026-1429 WellChoose|Single Sign-On Portal System - Reflected Cross-site Scripting — Single Sign-On Portal SystemCWE-79 5.4 Medium2026-01-26
CVE-2026-1428 WellChoose|Single Sign-On Portal System - OS Command Injection — Single Sign-On Portal SystemCWE-78 8.8 High2026-01-26
CVE-2026-1427 WellChoose|Single Sign-On Portal System - OS Command Injection — Single Sign-On Portal SystemCWE-78 8.8 High2026-01-26
CVE-2025-8914 WellChoose|Organization Portal System - SQL Injection — Organization Portal SystemCWE-89 6.5 Medium2025-08-13
CVE-2025-8913 WellChoose|Organization Portal System - Local File Inclusion — Organization Portal SystemCWE-98 9.8 Critical2025-08-13
CVE-2025-8912 WellChoose|Organization Portal System - Arbitrary File Reading through Path Traversal — Organization Portal SystemCWE-36 7.5 High2025-08-13
CVE-2025-8911 WellChoose|Organization Portal System - Reflected Cross-site Scripting — Organization Portal SystemCWE-79 6.1 Medium2025-08-13
CVE-2025-8910 WellChoose|Organization Portal System - Reflected Cross-site Scripting — Organization Portal SystemCWE-79 6.1 Medium2025-08-13
CVE-2025-8909 WellChoose|Organization Portal System - Arbitrary File Reading through Path Traversal — Organization Portal SystemCWE-36 6.5 Medium2025-08-13
CVE-2025-7619 WellChoose|BatchSignCS - Arbitrary File Write through Path Traversal — BatchSignCSCWE-23 8.8 High2025-07-14
CVE-2024-10202 Wellchoose Administrative Management System - OS Command Injection — Administrative Management SystemCWE-78 8.8 High2024-10-21
CVE-2024-10201 Wellchoose Administrative Management System - Arbitrary File Upload — Administrative Management SystemCWE-434 8.8 High2024-10-21
CVE-2024-10200 Wellchoose Administrative Management System - Arbitrary File Read through Path Traversal — Administrative Management SystemCWE-23 7.5 High2024-10-21

This page lists every published CVE security advisory associated with Wellchoose. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.