Defender is deteckting an issue that seams not to real

Defender is reporting that my WP version is vulnerable or not updated but is not, or may not be.

WordPress Vulnerability Version: 4.7.5
WordPress 2.3-4.7.5 - Host Header Injection in Password Reset

Vulnerability type: UNKNOWN
This bug has been fixed in version:

My WP are all updated according to the backend
Please confirm that this is a bug or let me know what to do

I have also lost my settings (those related to false positive) from the last big update of the plugin. I hope you could preserve those one in future update. Manteining yours pluggins is becoming a tedious task. No matter if they are good or not if I have to re-conf them from time to time you are loosing value (this is just a personal thought that I hope it may help you)