This is a major vulnerability as hackers can use this to overload a sight and crash the server causing a simple denial of service. wordpress has been around for years now to be easily attacked like this. i have 2 firewall installed on my site (sucuri and wordfense) ad the 2 are still not able to stop ajax-admin from crashing the site since it is part of wordpress core.
