The normal order of events is that you inform the developer. Give them at least a month to fix it, and if they don't then you can post a notice about the exploit. Public disclosure gets the developers off their ass and makes everyone aware to either secure their shit or remove it.
If you're running linkex right now just log in and go to settings and disable the public form for now.