The all-in-one-wp-security-and-firewall plugin prior to 3.9.1 for WordPress has multiple SQL injection issues.
tipsandtricks-hq all in one wp security \\& firewall