PT-2025-46269 · WordPress+1 · Document Pro Elementor – Documentation & Knowledge Base+1

Nabil Irawan

Published

2025-11-11

Updated

2025-11-11

CVE-2025-11997

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Document Pro Elementor – Documentation & Knowledge Base plugin for WordPress versions prior to 1.1.0

Description The plugin exposes sensitive Algolia API keys through the frontend JavaScript code via wp localize script without proper access restrictions. This allows unauthenticated attackers to view these API keys in the page source, potentially enabling unauthorized API calls to the configured Algolia search service.

Recommendations Update the Document Pro Elementor – Documentation & Knowledge Base plugin to version 1.1.0 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2025-11997

Affected Products

Algolia

Document Pro Elementor – Documentation & Knowledge Base

CVE-2025-11997

Weakness Enumeration

Related Identifiers

Affected Products

References · 5