CVE-2025-67950
WordPress All In One SEO Pack plugin <= 4.9.1 - SQL Injection vulnerabilityImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through <= 4.9.1.
We have discovered 522,672 live websites that are affected by CVE-2025-67950.
Affected Software
| Product |  All in One SEO Pack |
| Category | Search Engine Optimization |
| Vulnerable Domains | 522,672 live websites (61% of All in One SEO Pack install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 297 versions ( 98% of all versions) |
Details
- Published - Dec 16, 2025
- Updated - Jan 20, 2026
Credits
- mcdruid | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-67950 United States | 132,554 websites |
 Japan | 111,505 websites |
 Germany | 33,814 websites |
 Russia | 31,743 websites |
 France | 19,675 websites |
 GB | 16,653 websites |
 Italy | 14,379 websites |
 Poland | 13,377 websites |
 Canada | 8,752 websites |
Website Distribution by TLD
Number of websites using CVE-2025-67950| .com | 231,563 websites |
| .ru | 29,850 websites |
| .jp | 24,573 websites |
| .net | 20,766 websites |
| .org | 19,915 websites |
| .de | 17,258 websites |
| .co.jp | 16,796 websites |
| .co.uk | 10,735 websites |
| .pl | 10,339 websites |
| .it | 10,246 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-67950
Top websites that are affected by CVE-2025-67950. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.net | Canada | *** | |
| **********.com |  Turkey | *** | |
| ******.*******.org | United States | *** | |
| *********.org | United States | *,*** | |
| *********.com | Italy | *,*** | |
| ******.at | Germany | *,*** | |
| ****.com | United States | *,*** | |
| ************.com | United States | *,*** | |
| *****.com | United States | *,*** | |
| ******************.us | United States | *,*** |
FAQ
A total of 522,672 websites have been identified as vulnerable to CVE-2025-67950, based on global website indexing conducted by WebTechSurvey.
The All in One SEO Pack is affected by the CVE-2025-67950 vulnerability.
All in One SEO Pack versions up to and including 4.9.1 are vulnerable to CVE-2025-67950.