Defender logs WP vulnerability for version 4.7.5

I see a log by defender over:
WordPress Vulnerability
Version: 4.7.5
and
WordPress 2.3-4.7.4 - Host Header Injection in Password Reset
Vulnerability type: UNKNOWN
This bug has been fixed, but defender still logs it.