Improper Control of Interaction Frequency in shopware/administration
CVE-2025-32378
- shopware/administration
- shopware/core
- shopware/elasticsearch
- shopware/platform
- shopware/storefront
Summary
Shopware is an open-source e-commerce software platform. In Shopware, the default settings for "double-opt-in" allow mass unsolicited "newsletter" sign-ups without confirmation. The default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registered customers set to disabled, and Log-in & sign-up: Double opt-in on sign-up set to disabled. With these settings, anyone can register for an account in the shop using any e-mail address and then check the box on the account page to sign up for the newsletter. The recipient will receive two e-mails, one confirming the registration and one confirming the newsletter sign-up. No confirmation link needs to be clicked for either. In the backend, the recipient is set to "instantly active". This issue affects both shopware/core and shopware/platform packages versions through 6.5.8.18, 6.6.0.0-rc1 through 6.6.10.2, and 6.7.0.0-rc1.
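The interplay of the three settings described above, modelled as an added audit helper (this is example code, not Shopware's own). The config key names are assumed stand-ins for the three settings named in the summary, and the rule that the "for registered customers" switch governs a logged-in customer's sign-up while the general switch governs guests is taken from the advisory text.

```python
"""Model the double-opt-in decision the advisory describes and audit a config."""

# Assumed key names, standing in for the three settings named in the advisory.
KEY_NL_DOI = "core.newsletter.doubleOptIn"                       # Newsletter: Double Opt-in
KEY_NL_DOI_REGISTERED = "core.newsletter.doubleOptInRegistered"  # ... for registered customers
KEY_REG_DOI = "core.loginRegistration.doubleOptInRegistration"   # Double opt-in on sign-up

# The default combination the advisory reports as vulnerable.
VULNERABLE_DEFAULTS = {KEY_NL_DOI: True, KEY_NL_DOI_REGISTERED: False, KEY_REG_DOI: False}


def newsletter_status(config, registered_customer):
    """Status a recipient ends in after a sign-up: registered customers are
    governed by the 'registered' switch, guests by the general switch (assumption
    drawn from the setting names in the advisory)."""
    doi_required = config[KEY_NL_DOI_REGISTERED] if registered_customer else config[KEY_NL_DOI]
    return "pending_confirmation" if doi_required else "active"


def unconfirmed_signup_possible(config):
    """True when an arbitrary e-mail address can become an active recipient with
    no confirmation click: account creation is unconfirmed AND the newsletter
    tick of that (unconfirmed) account is also unconfirmed."""
    account_unconfirmed = not config[KEY_REG_DOI]
    return account_unconfirmed and newsletter_status(config, registered_customer=True) == "active"


def audit(config):
    """Return the findings a reviewer would raise for this config (empty if none)."""
    findings = []
    if not config[KEY_NL_DOI_REGISTERED]:
        findings.append(f"{KEY_NL_DOI_REGISTERED} disabled: registered customers "
                        "are subscribed without confirming the address")
    if not config[KEY_REG_DOI]:
        findings.append(f"{KEY_REG_DOI} disabled: accounts can be created on "
                        "any e-mail address without confirmation")
    return findings


def hardened(config):
    """Copy of config with both links of the unconfirmed path closed."""
    return {**config, KEY_NL_DOI_REGISTERED: True, KEY_REG_DOI: True}


if __name__ == "__main__":
    for line in audit(VULNERABLE_DEFAULTS):
        print("FINDING:", line)
    print("unconfirmed sign-up possible:", unconfirmed_signup_possible(VULNERABLE_DEFAULTS))
    print("after hardening:", unconfirmed_signup_possible(hardened(VULNERABLE_DEFAULTS)))
```

Enabling only the "registered customers" switch already breaks the chain, but the audit also flags unconfirmed account creation because it is the other half of the path.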
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-799 - Improper Control of Interaction Frequency
The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
Advisory Timeline
- Published