Not sure how, but Joomla, WordPress and other CMS's need to find a better way to improve their security features. It is hard for me to believe that a "high-severity vulnerability that allows remote users to create accounts and increase their privileges on any Joomla" it was just missed all these years.
A good code review needed to find this.