Session Token is not Verified while changing Account Settings which Results In Account Takeover

Disclosed: 2014-04-23 11:16:00 By exploitprotocol To irccloud
Unknown
Vulnerability Details
Hello IrcCloud Security Team,

#Vulnerability Details:-
Session token is not verified while changing account settings, which results in account takeover.

#Description:-
I have found that while changing settings, the session token is not verified. So an attacker can basically plot a CSRF attack which would change the default email of the user, and this would lead to account takeover.

#POC:-
I have made a proof of concept video of the same: https://www.youtube.com/watch?v=YvlYElGb40A
The above video is unlisted.

With regards,
Aditya Agrawal
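Added example, not part of the original report and not IRCCloud's code: a minimal Python model of the flaw described above, with a settings handler that trusts the session cookie alone beside one that also requires a per-session token. The session store, function names and e-mail addresses are assumptions constructed for illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> per-session state.
SESSIONS = {}

def login(user, email):
    """Create a session and a random anti-CSRF token bound to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "email": email,
                     "csrf_token": secrets.token_urlsafe(32)}
    return sid

def change_email_unchecked(cookie_sid, form):
    """Behaviour the report describes: the cookie alone authorises the change."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401
    session["email"] = form["email"]
    return 200

def change_email_checked(cookie_sid, form):
    """Hardened form: the request must also carry the session's token."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401
    supplied = form.get("token", "")
    # Constant-time comparison; a missing or wrong token rejects the request.
    if not hmac.compare_digest(supplied.encode(), session["csrf_token"].encode()):
        return 403
    session["email"] = form["email"]
    return 200

def demo():
    sid = login("alice", "alice@example.com")
    # A cross-site request: the browser attaches the cookie, but the
    # originating page cannot read the token, so the form has none.
    cross_site = {"email": "other@example.net"}
    same_site = {"email": "alice+new@example.com",
                 "token": SESSIONS[sid]["csrf_token"]}
    results = {"checked_cross_site": change_email_checked(sid, cross_site),
               "checked_same_site": change_email_checked(sid, same_site)}
    results["email_after_checked"] = SESSIONS[sid]["email"]
    results["unchecked_cross_site"] = change_email_unchecked(sid, cross_site)
    results["email_after_unchecked"] = SESSIONS[sid]["email"]
    return results

if __name__ == "__main__":
    print(demo())
```

The checked handler returns 403 for the token-less request and leaves the address untouched; the unchecked one accepts the same request and overwrites it.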
Report Stats
  • Report ID: 6907
  • State: Closed
  • Substate: resolved
  • Upvotes: 4