20 malware issues: Detected encoded JavaScript code commonly used to hide malicious behaviour.
errors in this malscript
wXw.lavaggioterreni.it/js/jquery.min.php?utt=G91825%26utm=
info: [decodingLevel=0] found JavaScript
error: undefined variable document.referrer
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var document.referrer = 1;
error: line:1: …^
Issue detected: Website Malware
Definition: MW:JS:GEN2?web.js.malware.fake_jquery.002
Infected URL: htxp://www.vermontia.org/en/
Persistent malware since: Mon Apr 17 22:45:46 2017…
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress under 4.8
Warning User Enumeration is possible
The first two user IDs were tested to determine if user enumeration is possible.
ID User Login
1 None admin
2 None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring, as this will reduce the chance of automated password attackers gaining access. However, it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Three vulnerable jQuery libraries: http://retire.insecurity.today/#!/scan/fef41d0a2b77e08e9667161c4bb037f2df00135a117705de78e3e7ec7c18d330
See this scan for external script: http://www.domxssscanner.com/scan?url=http%3A%2F%2Flib.sinaapp.com%2Fjs%2Fjquery%2F1.5%2Fjquery.min.js%3Fver%3D1.5
F-status and recommendations: https://observatory.mozilla.org/analyze.html?host=www.vermontia.org
PHP exploitable: https://www.exploit-db.com/exploits/34273/
That the website has been used to launch persistent malcode can be concluded from the secure SRI-hash status,
so “same origin policy” is being guaranteed by assumed malcreants. ???
On DOM, JSON and API etc. → https://urlscan.io/result/21b184a5-2575-471d-80a9-ed6c1c55cabb#summary
polonus (volunteer website security analyst and website error-hunter)