Bypassing Email verification
Unknown
Vulnerability Details
Hi
Description:
While registering a new account on Vimeo, the email must be verified: a confirmation link is sent to the email the user wants to register (without verifying, the user can't do some actions). There is a bypass for it.
Steps For Doing PoC:
1. The attacker already has an account (with a verified email). I have registered one with [email protected]
2. The attacker adds the email [email protected]
3. A message appears (image PoC_1.png)
4. Here comes the main part (the confirmation link is sent to the primary email of the attacker, not to the one the attacker was going to add) (Poc_2.png and Poc_3.png)
5. A confirmation mail is sent to [email protected] (Poc_2.png) (Poc_3.png)
6. The attacker clicks on Verify Email address
7. The result (PoC_4.png)
Report Stats
- Report ID: 49304
- State: Closed
- Substate: informative
- Upvotes: 1
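
The flow described in the steps above, modelled as an added example (not part of the original report and not Vimeo's code): a confirmation link only proves ownership of the new address if it is delivered to that address. The `Account` class, the function names, the in-memory `OUTBOX` and the `example.test` addresses are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)  # demo signing key (assumption: one key per process)
OUTBOX = []                       # (recipient, token) pairs standing in for sent mail


class Account:
    def __init__(self, primary):
        self.primary = primary
        self.verified = {primary}   # addresses whose ownership was proven
        self.pending = {}           # nonce -> address awaiting confirmation


def _sign(account, nonce, address):
    # Bind the token to the account, the nonce and the exact address being added.
    msg = f"{account.primary}|{nonce}|{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def add_email(account, new_address, hardened=True):
    nonce = secrets.token_urlsafe(16)
    account.pending[nonce] = new_address
    token = f"{nonce}.{_sign(account, nonce, new_address)}"
    # Flawed variant: the link goes to the already-verified primary address,
    # so clicking it proves nothing about control of new_address.
    recipient = new_address if hardened else account.primary
    OUTBOX.append((recipient, token))
    return token


def confirm(account, token):
    nonce, _, mac = token.partition(".")
    address = account.pending.get(nonce)
    if address is None:
        return False
    if not hmac.compare_digest(mac, _sign(account, nonce, address)):
        return False
    del account.pending[nonce]      # single use
    account.verified.add(address)
    return True


def attacker_can_verify(hardened):
    """The account owner reads only their own inbox; is the other address verified?"""
    OUTBOX.clear()
    acct = Account("attacker@example.test")      # constructed sample address
    add_email(acct, "victim@example.test", hardened=hardened)
    inbox = [t for rcpt, t in OUTBOX if rcpt == acct.primary]
    return any(confirm(acct, t) for t in inbox) and "victim@example.test" in acct.verified
```

A regression test for this class of bug asserts on the recipient of the outgoing confirmation mail, not only on the validity of the token.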