The AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin for WordPress has a security vulnerability in versions up to, and including, 1.8.5. This vulnerability could allow an unauthenticated attacker to modify several settings by tricking a user on the website into clicking a link. The vulnerability is caused by missing or incorrect nonce validation on several functions in the ~/includes/class-adfoxly-ajax.php file.