The WP e-Commerce plugin for WordPress has a security issue with the Order Delivery Date feature. This is because it does not properly filter and protect user input, specifically the ‘event_timeslot’ parameter. This vulnerability, known as Reflected Cross-Site Scripting, allows hackers to insert malicious code onto a webpage and potentially trick users into clicking on it. This can be done without the need for authentication, meaning anyone can exploit it.