This is just to note that wordpress in stable does not contain the phpmailer
class, so an update to stable is not necessary.
From a cursory look the unstable version does not call the vulnerable
phpmailer code in question, but in any case getting it replaced with the
Debian copy of phpmailer is a priority.
regards,
Thijs