In scanning this site, Defender flagged a file belonging to a plugin and suggested a reinstallation, which I did. Rescanning site with the reinstalled plugin from the developer yield the same result.
Can you shed more light as to why Defender thinks that it is a high risk? I think this information will be very helpful to the developer too. We are both running out of ideas on how to tackle this.