WP Defender is reporting this: WordPress Vulnerability

WP Defender is reporting this: WordPress Vulnerability Version: 4.7.4 WordPress 2.3-4.7.4 - Host Header Injection in Password Reset - And says there is a fix but there is no update to fix this. Is it reporting this in error?

Enabled Support Accèss.