On April 10, 2014, a security flaw in the popular WordPress plugin Jetpack was discovered. The vulnerability allowed attackers to perform actions on blogs without logging in, such as posting content. This issue has been assigned CVE number CVE-2014-0173 and is fixed in Jetpack 2.9.3. All users of the plugin are advised to update immediately. CloudFlare customers using WordPress are automatically protected against this bug through a Web Application Firewall (WAF) rule, but upgrading Jetpack is still recommended for optimal security.