Maybe yes. But it’s more important to understand how much users’ data will be exposed if this was exploited by a bad hacker. Else, the vendor will not show any interest in fixing this issue.