Looks troublesome, see here:
http://stackoverflow.com/questions/5922762/eval-base64-decode-php-virus
http://stackoverflow.com/questions/4245594/security-breach-php-evalbase64-decode
https://wordpress.org/support/topic/nasty-code-hacks-onto-your-domain-fix-included?replies=2
It's good to see Wordfence doing it's job though :)
If you think the site is hacked, check here:
http://codex.wordpress.org/FAQ_My_site_was_hacked
If you're lucky, this might just be some malicious code sitting in those files that hasn't been executed yet. You could obtain an earlier backup, or perform a new backup, then remove the files and related plugin/theme and see if the issue goes away for good.