hackerone Tabaahi H1:1272305
History: Jul 21, 2021 - 3:44 p.m.

Stripe: Without verifying email and activate account, user can perform all action which are not supposed to be done

2021-07-21 15:44:20
tabaahi
hackerone.com
19
stripe
account verification
unauthorized actions
bug bounty
dashboard functionality

A researcher discovered that it was possible to access a subset of livemode dashboard functionality without verifying the account's email address. The livemode functionality in question was disabled in the UI, but could be accessed on the backend. Following this report, Stripe performed an internal audit of Stripe dashboard functionality for similar issues, but did not identify any sensitive functionality that was affected.