It appears that WordPress 2.2 has another vulnerability. It's easy to fix, and it requires an subscriber level account in WordPress in order to exploit. See the URL. For me, I'm installing php apps in a xen VM, so I don't have to worry about security as much. But, for others this might be a real issue. On a side note, I would appreciate wordpress remaining in the portage. I know there was a discussion to remove it. But, it's up to people to make sure their own systems are secure. You could add a message after emerge, recommending that it be run inside of a VM only, and that regular backups are done, due to a long history of security vulnerabilities. Just a thought. :) Reproducible: Always Steps to Reproduce: See the URL
Oh, by the way, I just downloaded the most recent wordpress tar.gz, and it is NOT fixed in there. So perhaps there should be a patch on the gentoo side?
*** This bug has been marked as a duplicate of bug 181277 ***