Hacker News
by xtrumanx 4145 days ago
This seems to be a case of "Missing Function Level Access Control"[0] as defined by the Open Web Application Security Project (OWASP).

I highly suggest browsing OWASP's Top 10[1] if you are a software developer and believe this is not a security vulnerability.

[0] https://www.owasp.org/index.php/Top_10_2013-A7-Missing_Funct...

[1] https://www.owasp.org/index.php/Top_10_2013-Top_10