Defender must have had an update in the vulnerability database.

Defender must have had an update in the vulnerability database. Scan from last night showed: “WordPress 2.3-4.7.4 – Host Header Injection in Password Reset”

Also Defender offers to fix it but won’t fix it then. It shows is as a plugin/theme problem where it really should be a WordPress Core issue from what little I could gather on google.

https://monosnap.com/file/8OezKORE6XDV3Ss4x3fVCaKHFdF3Nk

Support Accèss is enabled.