The total-security plugin prior to 3.4.1 for WordPress has a settings-change vulnerability.
fabrix total security