We’ve had reports about WordFence classifying the additional-consent-providers.csv file as suspicious/malware. This message by WordFence, however, is a false positive.
The file in question is nothing more than a spreadsheet (in .CSV format) provided by Google themselves, and contains a list of Ad Technology Providers alongside their URLs/IDs. This file is necessary to display the list of non-IAB Ad Tech Vendors that are able to serve ads on your website.
It concerns the exact same file as provided by Google in this article (https://support.google.com/admanager/answer/9681920?hl=en), under the heading “Where will the Google ATPs be published?”.
You can compare the version of the file that you received from Complianz, with the version Google provides in the above article; and you will find that these are an exact match. There are no differences between these files.
The file contains an URL of a specific Ad Technology Provider which WordFence flags as being suspicious/malicious, and it therefore marks the CSV file as such. You may rest assured that this does not concern actual malware present in the Complianz plugin, the file in question is the exact same file as listed in the above Google article.
We have notified WordFence regarding the matter, and hope for this message to be corrected in the very near future. If you have any further concerns, feel free to contact Support.