The WPPizza plugin for WordPress has a security issue called Reflected Cross-Site Scripting. This means that the plugin does not properly filter or protect user input and output, making it vulnerable to attacks. People who are not logged in to the site can potentially insert harmful code into the pages, causing them to run without the user’s knowledge. This can happen if the attacker is able to trick the user into clicking on a link.