Although the potential for this misuse was only theoretical, Austin said he began alerting Wix repeatedly about the vulnerability on Oct. 10, but heard nothing back. Previously he found bugs in Facebook, Yahoo and Spotify.
On Thursday, Wix responded and said the problem had been fixed.
"We take the security of our customers very seriously. After thorough examination we can state that the issue has been addressed," the company said in an email. "We do operate a formal bug bounty program and are taking steps to widen the community."
Austin said the vulnerability should have been easy to patch with the deletion of a few lines of code.
Sign up for CIO Asia eNewsletters.