Watch Out Wednesday – January 10, 2024

Understanding Vulnerabilities in WordPress Plugins

Every week, we highlight known vulnerabilities in WordPress plugins. This information helps you stay informed about potential risks and take appropriate action to protect your website. By addressing these vulnerabilities, you ensure the safety and integrity of your WordPress site and its data.

Plugin: Ideal Interactive Map

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Complianz – GDPR/CCPA Cookie Consent

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Patched Version: 6.5.6
Recommended Action: Update to version 6.5.6, or a newer patched version

Plugin: Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 1.5.2
Recommended Action: Update to version 1.5.2, or a newer patched version

Plugin: Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA

Vulnerability: Missing Authorization
Patched Version: 3.1.22
Recommended Action: Update to version 3.1.22, or a newer patched version

Plugin: Happy Addons for Elementor Pro

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 2.10.0
Recommended Action: Update to version 2.10.0, or a newer patched version

Plugin: Gecka Terms Thumbnails

Vulnerability: Authenticated (Subscriber+) PHP Object Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Live Composer – Free WordPress Website Builder

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.5.24
Recommended Action: Update to version 1.5.24, or a newer patched version

Plugin: Download Monitor

Vulnerability: Authenticated (Admin+) SQL Injection
Patched Version: 4.9.5
Recommended Action: Update to version 4.9.5, or a newer patched version

Plugin: WP SOCIAL BOOKMARK MENU

Vulnerability: Cross-Site Request Forgery to Settings Update
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Happy Addons for Elementor

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 3.10.1
Recommended Action: Update to version 3.10.1, or a newer patched version

Plugin: Ajax Search Lite – Live Search & Filter

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 4.11.5
Recommended Action: Update to version 4.11.5, or a newer patched version

Plugin: EventON

Vulnerability: WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7
Patched Version: 2.2.8
Recommended Action: Update to version 2.2.8, or a newer patched version

Plugin: Easy SVG Allow

Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting via SVG
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Swift SMTP (formerly Welcome Email Editor)

Vulnerability: Cross-Site Request Forgery
Patched Version: 5.0.7
Recommended Action: Update to version 5.0.7, or a newer patched version

Plugin: LearnPress – WordPress LMS Plugin

Vulnerability: Command Injection
Patched Version: 4.2.5.8
Recommended Action: Update to version 4.2.5.8, or a newer patched version

Plugin: HTML5 SoundCloud Player with Playlist Free

Vulnerability: Authenticated (Author+) PHP Object Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Orbit Fox by ThemeIsle

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via custom fields
Patched Version: 2.10.27
Recommended Action: Update to version 2.10.27, or a newer patched version

Plugin: Constant Contact Forms

Vulnerability: Information Disclosure via Log Files
Patched Version: 2.4.3
Recommended Action: Update to version 2.4.3, or a newer patched version

Plugin: Live Composer – Free WordPress Website Builder

Vulnerability: Authenticated (Author+) PHP Object Injection
Patched Version: 1.5.29
Recommended Action: Update to version 1.5.29, or a newer patched version

Plugin: Posts to Page

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: HTML5 MP3 Player with Playlist Free

Vulnerability: Authenticated (Author+) PHP Object Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor

Vulnerability: Cross-Site Request Forgery
Patched Version: 3.8.2
Recommended Action: Update to version 3.8.2, or a newer patched version

Plugin: WP Ultimate Review

Vulnerability: IP Spoofing
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WordPress Live Chat Plugin for Elementor – LiveChat

Vulnerability: Cross-Site Request Forgery
Patched Version: 1.0.14
Recommended Action: Update to version 1.0.14, or a newer patched version

Plugin: Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Vulnerability: Unauthenticated Arbitrary File Upload via uploadFile
Patched Version: 1.5.2
Recommended Action: Update to version 1.5.2, or a newer patched version

Plugin: ActivityPub

Vulnerability: Missing Authorization
Patched Version: 1.0.6
Recommended Action: Update to version 1.0.6, or a newer patched version

Plugin: Booster Plus for WooCommerce

Vulnerability: Missing Authorization to Order Information Disclosure
Patched Version: 7.1.2
Recommended Action: Update to version 7.1.2, or a newer patched version

Plugin: WP Plugin Lister

Vulnerability: Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WordPress Users

Vulnerability: Cross-Site Request Forgery to Settings Update
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: OneClick Chat to Order

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 1.0.6
Recommended Action: Update to version 1.0.6, or a newer patched version

Plugin: Woocommerce Tranzila Payment Gateway

Vulnerability: Unauthenticated PHP Object Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Gallery Plugin for WordPress – Envira Photo Gallery

Vulnerability: Missing Authorization to Gallery Modification via envira_gallery_insert_images
Patched Version: 1.8.7.3
Recommended Action: Update to version 1.8.7.3, or a newer patched version

Plugin: WP-Members Membership Plugin

Vulnerability: Missing Authorization to Sensitive Information Exposure
Patched Version: 3.4.9
Recommended Action: Update to version 3.4.9, or a newer patched version

Plugin: Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 6.7.1
Recommended Action: Update to version 6.7.1, or a newer patched version

Plugin: Product Delivery Date for WooCommerce – Lite

Vulnerability: Missing Authorization
Patched Version: 2.7.1
Recommended Action: Update to version 2.7.1, or a newer patched version

Plugin: Customer Reviews for WooCommerce

Vulnerability: Authenticated (Author+) Arbitrary File Upload
Patched Version: 5.38.10
Recommended Action: Update to version 5.38.10, or a newer patched version

Plugin: Laybuy Payment Extension for WooCommerce

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Quiz Maker

Vulnerability: Missing Authorization
Patched Version: 6.5.1.2
Recommended Action: Update to version 6.5.1.2, or a newer patched version

Plugin: Revolut Gateway for WooCommerce

Vulnerability: Missing Authorization
Patched Version: 4.9.8
Recommended Action: Update to version 4.9.8, or a newer patched version

Plugin: Coupon Referral Program

Vulnerability: Sensitive Information Disclosure
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: List category posts

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: 0.89.4
Recommended Action: Update to version 0.89.4, or a newer patched version

Plugin: Seraphinite Alternative Slugs Manager

Vulnerability: Cross-Site Request Forgery
Patched Version: 1.4
Recommended Action: Update to version 1.4, or a newer patched version

Plugin: WP Job Manager

Vulnerability: Cross-Site Request Forgery
Patched Version: 2.1.0
Recommended Action: Update to version 2.1.0, or a newer patched version

Plugin: Custom User CSS

Vulnerability: Cross-Site Request Forgery to Settings Update
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Contact Form, Survey, Quiz & Popup Form Builder – ARForms

Vulnerability: Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url
Patched Version: 1.5.9
Recommended Action: Update to version 1.5.9, or a newer patched version

Plugin: Essential Addons for Elementor – Popular Elementor Addon With Ready Templates, Advanced Widgets, Kits & WooCommerce Builders

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 5.9.3
Recommended Action: Update to version 5.9.3, or a newer patched version

Plugin: Community by PeepSo – Download from PeepSo.com

Vulnerability: Cross-Site Request Forgery to User Post Creation
Patched Version: 6.3.1.2
Recommended Action: Update to version 6.3.1.2, or a newer patched version

Plugin: Beds24 Online Booking

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.0.25
Recommended Action: Update to version 2.0.25, or a newer patched version

Plugin: EventON

Vulnerability: WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.8 (Free)
Patched Version: 2.2.9
Recommended Action: Update to version 2.2.9, or a newer patched version

Plugin: cformsII

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Infogram – Add charts, maps and infographics

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: MailerLite – WooCommerce integration

Vulnerability: Missing Authorization via Multiple Functions
Patched Version: 2.0.9
Recommended Action: Update to version 2.0.9, or a newer patched version

Plugin: Randomize

Vulnerability: Authenticated (Contributor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

Vulnerability: Missing Authorization
Patched Version: 8.22.0
Recommended Action: Update to version 8.22.0, or a newer patched version

Plugin: WordPress Live Chat Plugin for WooCommerce – LiveChat

Vulnerability: Cross-Site Request Forgery
Patched Version: 2.2.17
Recommended Action: Update to version 2.2.17, or a newer patched version

Plugin: Site Notes

Vulnerability: Cross-Site Request Forgery to Admin Note Deletion
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WP Job Manager

Vulnerability: Missing Authorization
Patched Version: 2.1.0
Recommended Action: Update to version 2.1.0, or a newer patched version

Plugin: HTML5 MP3 Player with Folder Feedburner Playlist Free

Vulnerability: Authenticated (Author+) PHP Object Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Cloudflare

Vulnerability: Missing Authorization via initProxy
Patched Version: 4.12.3
Recommended Action: Update to version 4.12.3, or a newer patched version

Plugin: Wp-Adv-Quiz

Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting via Quiz Title
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Void Contact Form 7 Widget For Elementor Page Builder

Vulnerability: Missing Authorization
Patched Version: 2.4
Recommended Action: Update to version 2.4, or a newer patched version

Plugin: RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more

Vulnerability: Missing Authorization via multiple AJAX actions
Patched Version: 2.19.14
Recommended Action: Update to version 2.19.14, or a newer patched version

Plugin: Keap Official Opt-in Forms

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Advanced Flamingo

Vulnerability: Cross-Site Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: MailerLite – WooCommerce integration

Vulnerability: Cross-Site Request Forgery via Multiple AJAX Functions
Patched Version: 2.0.9
Recommended Action: Update to version 2.0.9, or a newer patched version

Plugin: Relevanssi – A Better Search (Pro)

Vulnerability: Missing Authorization to Unauthorized Post Access
Patched Version: 2.25.0
Recommended Action: Update to version 2.25.0, or a newer patched version

Plugin: AI Engine

Vulnerability: Unauthenticated Arbitrary File Upload via rest_upload
Patched Version: 1.9.99
Recommended Action: Update to version 1.9.99, or a newer patched version

Plugin: Seraphinite Accelerator

Vulnerability: Unauthenticated Sensitive Information Exposure via Log File
Patched Version: 2.20.48
Recommended Action: Update to version 2.20.48, or a newer patched version

Plugin: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator

Vulnerability: Authenticated (Author+) Stored Cross-Site Scripting
Patched Version: 4.3.3
Recommended Action: Update to version 4.3.3, or a newer patched version

Plugin: CPT Bootstrap Carousel

Vulnerability: Reflected Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Footer Putter

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: LightStart – Maintenance Mode, Coming Soon and Landing Page Builder

Vulnerability: Missing Authorization
Patched Version: 2.6.9
Recommended Action: Update to version 2.6.9, or a newer patched version

Plugin: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting

Vulnerability: Authenticated (Accounting manager+) SQL Injection
Patched Version: 1.12.9
Recommended Action: Update to version 1.12.9, or a newer patched version

Plugin: Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Vulnerability: Unauthenticated SQL Injection via userToken
Patched Version: 1.5.2
Recommended Action: Update to version 1.5.2, or a newer patched version

Plugin: Word Replacer Pro

Vulnerability: Missing Authorization
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme – My Sticky Bar (formerly myStickymenu)

Vulnerability: Cross-Site Request Forgery to Sensitive Information Exposure
Patched Version: 2.6.7
Recommended Action: Update to version 2.6.7, or a newer patched version

Plugin: Contact Form 7 Extension For Mailchimp

Vulnerability: Authenticated (Subscriber+) Server-Side Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WooCommerce Conversion Tracking

Vulnerability: Missing Authorization
Patched Version: 2.0.12
Recommended Action: Update to version 2.0.12, or a newer patched version

Plugin: GD Rating System

Vulnerability: Unauthenticated Stored Cross-Site Scripting via IP
Patched Version: 3.5.1
Recommended Action: Update to version 3.5.1, or a newer patched version

Plugin: Wp-Adv-Quiz

Vulnerability: Authenticated (Admin+) Stored Cross-Site Scripting via Quiz Question and Message
Patched Version: 1.0.3
Recommended Action: Update to version 1.0.3, or a newer patched version

Plugin: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator

Vulnerability: Missing Authorization
Patched Version: 4.3.3
Recommended Action: Update to version 4.3.3, or a newer patched version

Plugin: Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel

Vulnerability: Cross-Site Request Forgery via save
Patched Version: 2.0.7
Recommended Action: Update to version 2.0.7, or a newer patched version

Plugin: Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics

Vulnerability: Unauthenticated PHP Object Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WordPress Button Plugin MaxButtons

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: 9.7.6
Recommended Action: Update to version 9.7.6, or a newer patched version

Plugin: Page Builder: Pagelayer – Drag and Drop website builder

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via meta fields
Patched Version: 1.7.9
Recommended Action: Update to version 1.7.9, or a newer patched version

Plugin: Mapster WP Maps

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.2.39
Recommended Action: Update to version 1.2.39, or a newer patched version

Plugin: pTypeConverter

Vulnerability: Authenticated (Editor+) SQL Injection
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Auto Affiliate Links

Vulnerability: Cross-Site Request Forgery
Patched Version: 6.4.2.8
Recommended Action: Update to version 6.4.2.8, or a newer patched version

Plugin: Hostinger Tools

Vulnerability: Missing Authorization to Maintenance Mode Activation
Patched Version: 1.9.8
Recommended Action: Update to version 1.9.8, or a newer patched version

Plugin: Booster Plus for WooCommerce

Vulnerability: Missing Authorization to Arbitrary Options Disclosure
Patched Version: 7.1.3
Recommended Action: Update to version 7.1.3, or a newer patched version

Plugin: WP Compress – Instant Performance & Speed Optimization

Vulnerability: Unauthenticated Directory Traversal via css
Patched Version: 6.10.34
Recommended Action: Update to version 6.10.34, or a newer patched version

Plugin: Booster Plus for WooCommerce

Vulnerability: Missing Authorization to Arbitrary Page/Post Deletion
Patched Version: 7.1.2
Recommended Action: Update to version 7.1.2, or a newer patched version

Plugin: Private Google Calendars

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 20240106
Recommended Action: Update to version 20240106, or a newer patched version

Plugin: Community by PeepSo – Download from PeepSo.com

Vulnerability: Reflected Cross-Site Scripting
Patched Version: 6.3.1.2
Recommended Action: Update to version 6.3.1.2, or a newer patched version

Plugin: Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder

Vulnerability: Cross-Site Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: WooCommerce

Vulnerability: Cross-Site Request Forgery
Patched Version: 8.3.0
Recommended Action: Update to version 8.3.0, or a newer patched version

Plugin: Oxygen Builder

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
Patched Version: 4.8.1
Recommended Action: Update to version 4.8.1, or a newer patched version

Plugin: Ads Invalid Click Protection

Vulnerability: Authenticated (Administrator+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons

Vulnerability: Cross-Site Request Forgery
Patched Version: 21.2.9
Recommended Action: Update to version 21.2.9, or a newer patched version

Plugin: Booster Elite for WooCommerce

Vulnerability: Missing Authorization to Order Information Disclosure
Patched Version: 7.1.2
Recommended Action: Update to version 7.1.2, or a newer patched version

Plugin: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Vulnerability: Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode
Patched Version: 3.10.8
Recommended Action: Update to version 3.10.8, or a newer patched version

Plugin: Email Encoder – Protect Email Addresses and Phone Numbers

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.1.10
Recommended Action: Update to version 2.1.10, or a newer patched version

Plugin: TJ Shortcodes

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 4.4.7
Recommended Action: Update to version 4.4.7, or a newer patched version

Plugin: JS & CSS Script Optimizer

Vulnerability: Cross-Site Request Forgery
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: oEmbed Gist

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: No patched version available
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Plugin: Football Pool

Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 2.11.4
Recommended Action: Update to version 2.11.4, or a newer patched version

Plugin: Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Vulnerability: HTML Injection
Patched Version: 6.7.1
Recommended Action: Update to version 6.7.1, or a newer patched version

Plugin: ElementsKit Elementor addons

Vulnerability: Unauthenticated Sensitive Information Exposure
Patched Version: 3.0.4
Recommended Action: Update to version 3.0.4, or a newer patched version

***

Check out the Watch Out Wednesday Archive for past Watch Out Wednesday posts.
