• Resolved monk3

    (@monk3)


    We subscribe to Wordfence. We recently installed Lightbox Plus Colorbox.

    We received a Wordfence alert with many of the lightbox-plus files noted as Warnings.

    However, there wasn’t any explanation or link to a reason for the alert(s).

    If it’s simply a matter of file updates (or actually, anytime an alert is tossed), it would be extremely helpful if a reason was stated, or at least a link to an explanation.

    https://www.ads-software.com/plugins/wordfence/

Viewing 8 replies - 1 through 8 (of 8 total)
  • Can you post a screenshot of the email here? (Blank out any sensitive details, of course.) I want to be sure I’m seeing what you are.
    tim

    Thread Starter monk3

    (@monk3)

    This email was sent from your website “oursite.Org” by the Wordfence plugin.
    Wordfence found the following new issues on “oursite.Org”.
    Alert generated at Sunday 12th of April 2015 at 09:23:26 PM
    Warnings:
    * Modified plugin file: wp-content/plugins/lightbox-plus/admin/lightbox.admin.css
    * Modified plugin file: wp-content/plugins/lightbox-plus/admin/lightbox.admin.php
    * Modified plugin file: wp-content/plugins/lightbox-plus/admin/lightbox.inline.php
    * Modified plugin file: wp-content/plugins/lightbox-plus/admin/lightbox.secondary.php
    * Modified plugin file: wp-content/plugins/lightbox-plus/classes/actions.class.php
    * Modified plugin file: wp-content/plugins/lightbox-plus/classes/filters.class.php
    * Modified plugin file: wp-content/plugins/lightbox-plus/classes/init.class.php
    * Modified plugin file: wp-content/plugins/lightbox-plus/classes/shd.class.php
    * Modified plugin file: wp-content/plugins/lightbox-plus/classes/shortcode.class.php
    * Modified plugin file: wp-content/plugins/lightbox-plus/classes/utility.class.php
    * Modified plugin file: wp-content/plugins/lightbox-plus/css/black/colorbox.css
    * Modified plugin file: wp-content/plugins/lightbox-plus/css/blue/colorbox.css
    * Modified plugin file: wp-content/plugins/lightbox-plus/css/green/colorbox.css
    * Modified plugin file: wp-content/plugins/lightbox-plus/css/grey/colorbox.css
    * Modified plugin file: wp-content/plugins/lightbox-plus/css/purple/colorbox.css
    * Modified plugin file: wp-content/plugins/lightbox-plus/css/red/colorbox.css
    * Modified plugin file: wp-content/plugins/lightbox-plus/css/shadowed/colorbox-ie.php
    * Modified plugin file: wp-content/plugins/lightbox-plus/css/shadowed/colorbox.css
    * Modified plugin file: wp-content/plugins/lightbox-plus/css/teal/colorbox.css
    * Modified plugin file: wp-content/plugins/lightbox-plus/css/white/colorbox.css
    * Modified plugin file: wp-content/plugins/lightbox-plus/css/yellow/colorbox.css
    * Modified plugin file: wp-content/plugins/lightbox-plus/lightboxplus.php

    Looks like the author modified code directly in the www.ads-software.com repository instead of actually doing it in a release (see https://www.ads-software.com/support/topic/last-update-4-12-2015-wordfence-rejected-many-lb-files?replies=2).
    In cases like this we see the version in the repository is one way but the version you have is another way, and that the version number is the same. I think you are safe here, but you should ask the developer to do a proper release so that false positives like this are not flagged. All the people that haven’t got Wordfence or just updated don’t get the changes if you don’t do a release.

    tim

    Thread Starter monk3

    (@monk3)

    Thanks again Tim.

    We have left your comments on that plugin’s support page.

    I see a similar “false positive” occasionally when a readme is updated; often it is just to indicate that the version is tested with a higher version of WordPress. In those cases I just edit the file on my server to match, so it won’t get flagged again.

    Thread Starter monk3

    (@monk3)

    Thanks again!

    Same issue.
    Seems like the Lightbox Plus Colorbox plugin did it again... changed files in wp.org without changing the version number.

    https://www.ads-software.com/support/topic/plugin-author-changed-code-but-did-not-change-plugin-version-number

    Plugin Author WFMattR

    (@wfmattr)

    You can notify the plugin author on their support page that this is causing trouble — usually if they modified multiple files, the best way to handle it is to uninstall their plugin, and install it again, to make sure you have the latest files.

    After reinstalling the lightbox plugin, you may still get warnings on the same files from Wordfence until they do another full release, but you can choose the option to ignore the files until they change, so they would still be flagged if a real malicious change happens.
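
The two ideas in the replies above, as an added sketch that is not part of the thread and is not Wordfence's code: installed plugin files are hashed against a reference copy of the same version, and an "ignore until the file changes" decision is stored as the accepted hash so that any later change is reported again. The function names, directory layout and file contents are assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root):
    """Map each file's path relative to root to its SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def scan(installed, reference, ignored=None):
    """Return installed files whose hash differs from the reference copy.

    ignored maps a relative path to the hash that was accepted when the
    admin chose to ignore it; a different hash is reported again.
    """
    ignored = ignored or {}
    local, upstream = tree_hashes(installed), tree_hashes(reference)
    flagged = []
    for path, digest in local.items():
        if upstream.get(path) == digest:
            continue  # matches the repository copy
        if ignored.get(path) == digest:
            continue  # accepted earlier and unchanged since
        flagged.append(path)
    return flagged


def demo():
    """Constructed sample: same version number, different file contents."""
    with tempfile.TemporaryDirectory() as tmp:
        site, repo = Path(tmp, "site"), Path(tmp, "repo")
        for root, body in ((site, "old build"), (repo, "edited in place")):
            (root / "css").mkdir(parents=True)
            (root / "lightboxplus.php").write_text("<?php // Version: 1.0 " + body)
            (root / "css" / "colorbox.css").write_text("/* same in both */")
        first = scan(site, repo)  # false positive: file differs, version does not
        accepted = {p: tree_hashes(site)[p] for p in first}  # "ignore until changed"
        second = scan(site, repo, accepted)  # quiet while the file is unchanged
        (site / "lightboxplus.php").write_text("<?php // tampered")
        third = scan(site, repo, accepted)  # flagged again after a new change
        return first, second, third


if __name__ == "__main__":
    print(demo())
```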

  • The topic ‘No explanation for alert’ is closed to new replies.