Security issue

Malcolm,
Do I understand correct that the security problem with cross-scripting can only occur when users with at least contributor level access to the wordpress site use such an attack? So for general public without login there is no/limited open risk?
Do you have an estimated date when a new version will be available? I’m sorry for the questions, but we really appreciate your plugin and depend on it for our seating reservations.