Last night, I got an email pointing out a vulnerability in the
After entering your email address, press enter or return and if you are registered you will be taken to the next log-on stage. If you are not an existing registered member, then please select the "I'm not registed yet" button below and follow the registration details.
I’ve gone through all the code for the whole plugin, making sure that vulnerability was plugged and not repeated anywhere else. The WordPress security team have also been notified.
Version 0.810 has got rid of the vulnerability. In the unlikely any malicious people have already exploited the vulnerabilty – their address field will look like a bunch of code but not actually do anything bad.