"wordpress core file modified" question

Hi there—

About a week ago, I got an email from my WordFence account, and it said:

Critical Problems:
* WordPress core file modified: wp-admin/css/press-this.min.css
* WordPress core file modified: wp-admin/includes/menu.php
* WordPress core file modified: wp-admin/js/dashboard.min.js
* WordPress core file modified: wp-admin/menu.php
* WordPress core file modified: wp-admin/network/site-themes.php
* WordPress core file modified: wp-includes/css/jquery-ui-dialog-rtl.css
* WordPress core file modified: wp-includes/js/mediaelement/wp-mediaelement.js
Warnings:
* Modified plugin file: wp-content/plugins/contact-form-7/admin/css/styles.css
* Modified plugin file: wp-content/plugins/contact-form-7/admin/includes/editor.php
* Modified plugin file: wp-content/plugins/contact-form-7/languages/contact-form-7-sv_SE.mo
* Modified plugin file: wp-content/plugins/contact-form-7/modules/textarea.php

Some of the changes seemed pretty meaningless:

In wp-includes/css/jquery-ui-dialog-rtl.css, there are changes like:
font: normal 20px/1 dashicons;
—to—
font: normal 20px/1 ‘dashicons’;

In wp-includes/pomo/translations.php, there are changes like:
* @version $Id: translations.php 1157 2015-11-20 04:30:11Z dd32 $
—to—
* @version $Id: translations.php 718 2012-10-31 00:32:02Z nbachiyski $
—and—
if ( ! class_exists( ‘NOOP_Translations’, false ) ):
—to—
if ( !class_exists( ‘NOOP_Translations’ ) ):

In Contact Form 7, some of the changes were:
add_action( ‘wpcf7_admin_init’, ‘wpcf7_add_tag_generator_textarea’, 20 );
—to—
if ( is_admin() ) {
add_action( ‘admin_init’, ‘wpcf7_add_tag_generator_textarea’, 20 );
}

But there were some other changes (like the ones to wp-admin/menu.php) that were more extensive. It was nothing like that bloated text that’s obvious hacking—just changes/deletions to code sections. I don’t know enough about coding to see if they’re damaging/malicious, but they didn’t seem so.

I looked at the original files, and according to the “Files Last Modified” tab, the modifications to Contact Form 7 came at Friday the 18th of December at 04:56:03, and the changes to the modifications to the WordPress core were made immediately after that, at Friday the 18th of December at 04:56:12. I’m guessing that the plugin changes and the core changes are related. That said, according to the Contact Form 7 plugin page, the last update to the plugin was made on September 17, 2015, so there was no official update to the plugin.

So—does this seem like my site has been hacked? And if so, should I select “Restore the original version of this file” for each issue, or will I need to take more drastic action and delete the whole site and upload a saved backup? There’s nothing odd or “off” about the site as of right now, but I didn’t do anything where the core files should be modified, and it’s a little alarming.

Any guidance you can provide would be very helpful!

Matt

Ps—Also, not sure if it’s relevant, but the “/languages/contact-form-7-sv_SE.mo” file had a bunch of exotic-looking characters in it; not sure if that’s normal for that sort of file, or if it’s problematic. The original file had exotic-looking characters, so I’m figuring that’s ok.

https://wordpress.org/plugins/wordfence/