Read the official Contao announcements.
Security vulnerability CVE-2019-10643
by Leo Feyer
Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7. The security vulnerability has the identifier CVE-2019-10643.
The problem affects only Contao 4.7 and has been fixed in Contao 4.7.3.