The all-in-one-wp-security-and-firewall plugin prior to 4.0.9 for WordPress has multiple SQL injection issues.
tipsandtricks-hq all in one wp security \\& firewall