The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability.Referenceshttps://wordpress.org/plugins/total-security/#developers
