WordPress Plugin Vulnerabilities

Tabby Checkout < 5.9.1 - Unauthenticated Information Exposure

Description

The Tabby Checkout plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.4. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
tabby-checkout
Fixed in 5.9.1

References

CVE
CVE-2025-68035
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/45a34fef-c2e0-4f2c-895b-ffac4859a501

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
benzdeus
Verified
No
WPVDB ID
84520f78-5ef6-4d45-8b49-8da7064047f8

Timeline

Publicly Published
2026-01-21 (about 4 months ago)
Added
2026-01-28 (about 3 months ago)
Last Updated
2026-01-28 (about 3 months ago)

Other

Published
Title
Published
2024-02-02
Title
LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments
Published
2026-02-02
Title
Tutor LMS < 3.9.6 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action
Published
2025-12-08
Title
Beaver Builder – WordPress Page Builder < 2.9.4.1 - Authenticated (Contributor+) Sensitive Information Exposure
Published
2025-04-21
Title
Memberpress < 1.12.0 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
Published
2025-11-09
Title
Traveler Option Tree <= 2.8 - Authenticated (Editor+) Information Exposure