Sorry for the semantics. I'm not associated with the plugin in any way but we take report of plugins (say) exposing XSS-scripting holes very seriously and try to act quickly to remove such plugins and notify the authors. In this case it's more that the plugin isn't doing its job properly - which, I agree, is an issue for the plugin's author & users but has no practical impact on WordPress security in general.
As I've now effectively de-railed your topic, I will happily close this one if you want to post a fresh topic for the plugin author's attention. But I'd be grateful if you would keep words like "hack" and "vulnerability" out of the topic's subject. Otherwise, another forum mod like myself might become concerned and start checking all over again.