Thank you for using our plugin @netzenrob
That file is from the Bacon QR generator library we use in the plugin, that is used to generate the QR codes for 2FA. You can see the project source code on Github.
I can confirm that it is a legitimate file and there are no issues, so as Wordfence suggested, you can safely exclude this file from the scans.
Please let us know should you need any further information.