CVE-2022-1691: 
WordPress vulnerability analysis and mitigation

CVE-2022-1691 affects the Realty Workstation WordPress plugin versions below 1.0.15. The vulnerability was discovered by Daniel Krohmer from Fraunhofer IESE and Shi Chen from the University of Kaiserslautern, Germany. It was publicly disclosed on May 9, 2022, and received a CVSS score of 7.7 (High) (WPScan).

The vulnerability is classified as an SQL Injection (SQLI) vulnerability, categorized under OWASP Top 10 A1: Injection and CWE-89. The security flaw exists because the plugin fails to properly sanitize and escape the trans_edit parameter when an agent edits a transaction, which can lead to SQL injection attacks (WPScan).

This vulnerability allows authenticated users with agent privileges to perform SQL injection attacks against the affected WordPress installations. The high CVSS score of 7.7 indicates that successful exploitation could lead to significant database compromise and potential unauthorized access to sensitive information (WPScan).

The vulnerability has been fixed in version 1.0.15 of the Realty Workstation plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).