Defender file scan 3 files

I see these files in defender after the scan and I am concern about it. here's a screenshot and I try to solve one but its still here after I updated the WordPress to 4.9.2
WordPress Vulnerability
Version: 4.9.1
WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)

Vulnerability type: XSS
This bug has been fixed in version: 4.9.2

Suspicious File Issue Unknown file in WordPress core
Suspicious File Issue Unknown file in WordPress core

and here is a screenshot of the 3 files in question;

  • Predrag Dubajic
    • Support

    Hi George,

    Hope you're doing well :slight_smile:

    Robots.txt and Sitemap.xml files are not the part of the WP itself but are usual files for handling your SEO.
    Defender should usually be ignoring these but I could replicate the same thing on my installation so I have created a report for our developers to check it out.
    Bottom line, these two are safe and you can ignore them from Defender scan reports.

    As for the third report, this is actually quite strange, when I go to Dashboard > Updates panel on your site it does show that there are no updates available, however if you check the bottom right corner you can clearly see that it shows 4.9.1 as version number.
    Same version is also shown if you go to Dashboard panel.

    So it looks like there was something wrong during the update process that shows wrong version number.

    What you could try is restoring a backup from before the update and then do it again and see if it will show correct version after that.

    Or you can download new installation from and then re-write the current files with the new ones, just make sure not to replace wp-content folder as well as wp-config.php and .htaccess files.

    Before doing any of the above I suggest creating a full backup of your current installation just in case that something goes wrong.

    Best regards,

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.