In a coordinated effort, the folks from Sucuri and Yoast have worked together to identify a security vulnerability in multiple WordPress plugins, including some of the top plugins in the repository.
A new SSL/TLS vulnerability named “FREAK” was identified by several security researchers. This threat allows an attacker to get between a client and server and view what is intended to be a secure and private communication. The vulnerability is primarily due to a bug in OpenSSL client software, but only exploitable on poorly configured web servers. Both clients and servers are at risk. Web site owners can protect their sites by properly configuring their web servers by removing affected ciphers and restarting their servers.