Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

choijun — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting choijun. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Choijun develops enterprise software solutions with a focus on workflow automation and document management systems. Historically, vulnerabilities in their products have frequently included remote code execution flaws, cross-site scripting issues, and privilege escalation weaknesses, accounting for the majority of their 11 recorded CVEs. The organization has faced criticism for inconsistent patch release timelines and insufficient input validation in web interfaces. While no major public security incidents have been documented, their vulnerability history suggests a pattern of insufficient secure coding practices, particularly in authentication mechanisms and session management, requiring improved security testing protocols to mitigate future risks.

Top products by choijun: LA-Studio Element Kit for Elementor
CVE IDTitleCVSSSeverityPublished
CVE-2026-0920 LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter — LA-Studio Element Kit for ElementorCWE-269 9.8 Critical2026-01-22
CVE-2025-8360 LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — LA-Studio Element Kit for ElementorCWE-79 6.4 Medium2025-09-06
CVE-2025-4944 LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets — LA-Studio Element Kit for ElementorCWE-79 6.4 Medium2025-05-30
CVE-2025-4943 LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter — LA-Studio Element Kit for ElementorCWE-79 6.4 Medium2025-05-30
CVE-2025-3106 LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget — LA-Studio Element Kit for ElementorCWE-79 6.4 Medium2025-04-18
CVE-2024-10787 LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated (Contributor+) Post Disclosure — LA-Studio Element Kit for ElementorCWE-639 4.3 Medium2024-12-04
CVE-2024-10873 LA-Studio Element Kit for Elementor <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion — LA-Studio Element Kit for ElementorCWE-98 8.8 High2024-11-23
CVE-2024-5349 LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion — LA-Studio Element Kit for ElementorCWE-22 8.8 High2024-07-02
CVE-2024-4431 LA-Studio Element Kit for Elementor <= 1.3.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — LA-Studio Element Kit for ElementorCWE-79 6.4 Medium2024-05-23
CVE-2024-3005 LA-Studio Element Kit for Elementor <= 1.3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via LaStudioKit Post Author Widget — LA-Studio Element Kit for ElementorCWE-79 6.4 Medium2024-05-02
CVE-2024-2249 LA-Studio Element Kit for Elementor <= 1.3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — LA-Studio Element Kit for ElementorCWE-79 6.4 Medium2024-03-14

This page lists every published CVE security advisory associated with choijun. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.