The AdFoxly plugin for WordPress websites is vulnerable to a type of attack called Cross-Site Scripting. This means that users who have not been authorized could insert malicious code into webpages that will be run when someone visits the page. This vulnerability affects versions of the plugin up to and including 1.8.4 because the plugin does not adequately protect against malicious code.