I don't get it, how is this a vulnerability? if someone already got access to admin account information and logged in as admin, this will not stop them from do whatever they want to, let alone use this security hole for anything...I mean, sure it's a bug, should be fixed, but call it a security bug...