I just got this same notice for three sites. The problem appears to me to be the fact that the url http://wordpresssupplies.com/wordpress-plugins/no-category-base/) is listed in the file that is on my site which, in this case, is the Yoast SEO changelog.txt file. It is just a reference to something that has been fixed in the past, etc.
However, it looks like wordpresssupplies.com has been flagged by Google for hosting malware. My guess is that WordFence is marking it as a problem because of that link being listed in the blacklist that Google has.
It should not be a problem for your site as it is not a "live" file. It would only be harmful to someone if they visited that wordpresssupplies.com site.
I'm not 100% sure this is the issue, but it looks most likely to me.