CVE-2017-1000600 and CVE-2018-1000773 are for the same underlying problem in wordpress.

It is clear that there are a number of pre-conditions that must be in place for this
being exploitable. From wordpress 4.9 and later a third party module must be installed on the site.

The problem is there so it should not be declared as undetermined.
The severity of the problem may not be enough for fixing then then it should be declared as
postponed, ignored or similar instead.