While I agree CoreGUI being put behind UI in this instance is not good, it still undermines the other large issue here.
The fact that this appears to be happening is because developers are inserting free code that they’re not vetting. This is a you issue, not a roblox issue for that specific bit. That said, your issue should just be listed as “UI can be shown over the CoreGUI”, as this could be used in both a malicious and legitimate purpose to override CoreUI.
The impact is NOT and in my opinion shouldn’t be listed as High Impact. It effects select games that have somehow had scripts made by others inputted into them. Filtering Enabled integrity still works, and a user would only be able to effect their things, not others.
That said, I hope everyone gets their Robux back anyway, and that developers who are affected by this more properly screen any outside assets they use off the toolbox.