CVE-2016-10899

The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability.