Hide My WP, a popular WordPress security plugin, contained a serious SQL injection (SQLi) vulnerability and a security flaw that enabled unauthenticated attackers to deactivate the software.