I wouldn't post it there. I would contact them privately. We don't want any random stroller of the wordpress forums to get a hold of this.

but you would let a random stroller of hn get hold of this??

That ship has already sailed. The more places it's posted, the worse it is.

Interesting that you consider HN a hangout for good guys only. A compliment!

I never said I consider HN a hangout for good guys only. "Bad guys" are constantly looking for exploits in wordpress though, considering it's horrible track record. Therefore it's much more likely that one of them would go to the wordpress forums as opposed to here. Plus, it's already posted here, my point was to not make it any more public than it already has become.