It is suspected that this package is vulnerable to a security vulnerability via embedded dev-php/PHPMailer. As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected. Please see the information contained in the tracker bug 603752.
I've bumped wordpress to the latest version 4.7 which is not vulnerable.
No, vanilla WordPress v4.7 is vulnerable. It ships the vulnerable PHPMailer class (just renamed). Upstream already merged the patched version, see $URL, but changes not released yet.
(In reply to Thomas Deutschmann from comment #2) > No, vanilla WordPress v4.7 is vulnerable. It ships the vulnerable PHPMailer > class (just renamed). Upstream already merged the patched version, see $URL, > but changes not released yet. Thanks for the clarification.
Bump to 4.7.1 with a fix. commit 67671baada119a8d4b6491afd9bfffe8c397f0c2 Author: Sebastian Pipping <sping@g.o> Date: Wed Jan 11 21:18:00 2017 +0100 www-apps/wordpress: 4.7.1 (bug #603754) Package-Manager: Portage-2.3.3, Repoman-2.3.1 www-apps/wordpress/Manifest | 1 + www-apps/wordpress/wordpress-4.7.1.ebuild | 56 +++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) https://github.com/gentoo/gentoo/commit/67671baada119a8d4b6491afd9bfffe8c397f0c2
@ Maintainer(s): Thank you for the bump. Cleanup will happen as part of bug 605408.
