CVE-2025-67950
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through <= 4.9.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Blind SQL injection in All In One SEO Pack plugin for WordPress allows attackers to extract database information via crafted input, affecting versions up to 4.9.1.
The vulnerability is a blind SQL injection in the All In One SEO Pack plugin for WordPress, due to improper neutralization of special elements used in SQL commands. This affects versions from n/a through 4.9.1 [1].
Attackers can exploit this by sending specially crafted requests that inject SQL code, potentially allowing them to interact with the database. The reference indicates that this could allow a malicious actor to directly interact with the database, including stealing information [1].
The impact of successful exploitation includes reading sensitive data from the database, such as user credentials or other confidential information. The vulnerability is considered high severity (CVSS 8.5) and may be used in mass-exploit campaigns [1].
The vendor has released version 4.9.1.1 to fix the issue. Users are strongly advised to update to this version or later immediately [1]. Patchstack users can enable auto-update for vulnerable plugins.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=4.9.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.