[gk1]

You can email the owner with a few tips to fix the issue. You can even offer to do a deeper inspection for some fee.

[INIT_6]

That might be interpreted as extortion. OP read up on responsible disclosure.

[gk1]

That's why I was careful to say that you should offer tips to fix the issue, not ask for money to do so. As for the second part (offering to do a security audit), I don't see how that's any different from cold-emailing someone with a proposal to redesign their site.