The only responsible thing to do after they didn't respond to his report was to make the vulnerability public. So this was the right thing to do. Now we are all aware of the fact that Virwox is vulnerable right now. [Also, this is the kind of coding error only very inexperienced web developers would create. So much for Virwox]