I'm not wasting my time in this pointless discussion anymore, consider this my last message.
That's your call, but do you think you can apply that logic to your other vulnerability postings?
See this reply I just left.
They've been given 9 days to reply and from the day the report is sent they're given 14 days to fix it.. So I do believe that a total of 23 days is more then enough. Or?
This is not a race: ask yourself "what are you trying to accomplish?"
If you're trying to get a tangible problem fixed then just releasing the vulnerability details is not the way to go.
Reporting security vulnerabilities is serious business and always has be performed responsibly and ethically.
I'm glad you've not just rang the bell and posted the vulnerability but leaving reviews like this is not productive at all and does not accomplish anything.
If you are not a reply from the plugin author then please do the right thing and send the details to plugins [ at ] wordpress.org.
In addition to be able to pull the plugin from the repository (if necessary) that group can also attempt to contact the plugin author. Depending on what you've found they can make a decision about what to do next.