The AdFoxly plugin for WordPress, which is used for managing ads and displaying AdSense ads, has a security issue where data can be changed without permission. This is because the adfoxly_ad_status() function in all versions up to 1.8.5 does not have a check to ensure that the user has the proper capabilities. This means that attackers who are not logged in can turn ads on and off without authorization.