Read here: http://edmondscommerce.github.io/security/nhs-website-hosting-malware.html
translate.google.com/a/element.js?cb=googleTranslateElementInit

translate.google.com/a/element.js?cb=googleTranslateElementInit benign
[nothing detected] (script) translate.google.com/a/element.js?cb=googleTranslateElementInit
     status: (referer=www.somesite.nl/)saved 1427 bytes 52e778d7b628a6434f11b9f840f57dcc366da8f3
     info: [decodingLevel=0] found JavaScript
     error: undefined variable e.body.parentNode
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var e.body.parentNode = 1;
          error: line:1: ....^
     suspicious: maxruntime exceeded 10 seconds (incomplete) 73 bytes

Injection attack stems from 2014., but is still actual,

polonus (volunteer website security analyst and website error-hunter)

There were already warnings on/for that particular vulnerable plug-in, folks, read here: https://wordpress.org/support/topic/malware-found

Sucuri detects as [quote[ anomaly behavior detected (possible malware). Details: http://sucuri.net/malware/malware-entry-mwanomalysp8

[/quote]
Damian