Middag Ellen;
The autoptimize-file is the automatically created minified version of one of your site (theme/ plugin) original JS-files.
As such, it is possible the original file (which will not be referenced in the HTML) contains the same vulnerability which should also be checked/ fixed.
Alternatively but somewhat less likely it could also be the case that your site is compromised somehow and that the JS is changed by the “virus”.
Thirdly it is not impossible this was a false positive (vulnerability scanning software sometimes get it wrong).
hope this helps/ clarifies,
frank
Hallo Frank,
Thank you for your fast reply and clarification. I will keep monitoring it for a while, but I assume it was option 3 (a false positive).
Kind regards,
Ellen