SQL Injection Vulnerability in Syed Balkhi All In One SEO Pack Plugin
CVE-2025-67950

Currently unrated

Key Information:

Vendor

WordPress
Status
All In One Seo Pack
Vendor
CVE Published:
16 December 2025

What is CVE-2025-67950?

A vulnerability has been identified in the All In One SEO Pack plugin, developed by Syed Balkhi, which allows for Blind SQL Injection attacks. This flaw can be exploited by an attacker to manipulate database queries, potentially leading to unauthorized data access or modification. The vulnerability impacts all versions of the plugin until 4.9.1, posing a risk for websites utilizing this SEO tool. Strong security measures and updates are essential to mitigate this type of attack.

Affected Version(s)

All In One SEO Pack <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/all-...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

mcdruid | Patchstack Bug Bounty Program
JSON
.
CVE-2025-67950 : SQL Injection Vulnerability in Syed Balkhi All In One SEO Pack Plugin