Account Takeover via CSRF

Client Side Request Forgery

There is no protection against CSRF in changing email which lead to CSRF to account takeover

https://bugreader.com/_imjitendra_@account-takeover-via-csrf-260