WordPress security plugin Hide My WP addresses SQL injection, deactivation flaws

Hide My WP, a popular WordPress security plugin, contained a serious SQL injection (SQLi) vulnerability and a security flaw that enabled unauthenticated attackers to deactivate the software.