You probably haven't noticed that you can swap the domain name of your Kajabi Checkout to ANY domain name that's linked under Kajabi.

Yup, ANY custom domain names CNAME'd with Kajabi's endpoint, including the mykajabi.com subdomains.

Not only your domains and subdomains, but even the ones owned by other Kajabi users.

I guess this has been the case ever since the new Kajabi launched the checkout pages. It was here all along that I can't call it a vulnerability or a bug.

So here's my take on this quirk and how it poses certain risks that may outweigh its few use cases.

Very Few Benefits

I came across this quirk feature when I am playing around the Embed Checkout Forms Hack. I noticed that accessing your checkout pages using your custom domains and mykajabi subdomains are possible. And so with the other domain names under Kajabi.

I can imagine this is useful when changing domain names while having existing checkout pages. If you made campaigns and...