Description

The Document Pro Elementor – Documentation & Knowledge Base plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.9. This is due to the plugin exposing sensitive Algolia API keys through the frontend JavaScript code via wp_localize_script without proper access restrictions. This makes it possible for unauthenticated attackers to view sensitive API keys in the page source, which could be leveraged to make unauthorized API calls to the configured Algolia search service.

INFO

Published Date :

2025-11-11T03:30:39.666Z

Last Modified :

2026-04-08T16:55:14.555Z

Source :

Wordfence
AFFECTED PRODUCTS

The following products are affected by CVE-2025-11997 vulnerability.

Vendors Products
Elementor
  • Elementor
Ngothoai
  • Document Pro Elementor
Wordpress
  • Wordpress
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-11997.

URL Resource
https://plugins.trac.wordpress.org/browser/document-pro-elementor/tags/1.0.9/inc/Base/DPET_Enqueue.php#L71 cve-icon cve-icon
https://plugins.trac.wordpress.org/browser/document-pro-elementor/tags/1.0.9/inc/Base/DPET_Enqueue.php#L85 cve-icon cve-icon
https://www.wordfence.com/threat-intel/vulnerabilities/id/5ac7455a-0c89-4f5b-84eb-b7cc87bce8d4?source=cve cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact