July 20th, 2005, 04:57 AM   #18
Arnie
Excuse me while I collect my jaw off the floor...

...you're not going to release security patches in the interim for the issues raised that place an immediate threat to all versions of ReviewPost, because you want to release your new version of the codebase? So instead you're going to expedite the new release you are working on and chuck it out in BETA form in a few weeks?

So those of us wanting to use ReviewPost in a production environment go from having a hugely insecure version of your software to one that's BETA status and presumably flawed in ways we don't know yet.

At a guess it'd take you guys about an hour of your time to go through your code and fix the immediate holes (such as any XSS/SQL injections that are apparent), then just post a revision to the code publicly.

Sorry for being so candid, but your response just begs my sheer disbelief. I can only assume that there's something I don't know about in your development methodology or something, but on the face of it, as a member on a product support forum, I've never heard a response like it. Are there so many security problems that a security maintenance release is too much work and time is better spent on the newer code revision?

Edit: Today I've just added a heap more issues that look to me to have been unchecked. Again, they were all reported under PhotoPost and do not look to have been checked/fixed against ReviewPost, to which they also apply. Without a copy of the PhotoPost code it's hard to directly compare the fixes that may have been applied to the other code set, so some reports may not apply; however, I've checked the reports against ReviewPost to the best of my ability and reported on those that look to be at risk.

Developers may wish to consult the following resources to cross check each reported PP bug against RP:
http://cve.mitre.org/
http://secunia.com/

Last edited by Arnie; July 20th, 2005 at 07:25 AM.