A vulnerability that permits bypassing authentication has been found in a popular security hardening plugin for WordPress.