CVE-2025-11997
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-12
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | document_pro_elementor | 1.0.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Document Pro Elementor β Documentation & Knowledge Base plugin for WordPress allows unauthenticated attackers to access sensitive Algolia API keys. These keys are exposed through the frontend JavaScript code via wp_localize_script without proper access restrictions, making it possible to view them in the page source.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to obtain sensitive Algolia API keys, which they could use to make unauthorized API calls to the configured Algolia search service. This could lead to unauthorized access or manipulation of search data or services.