See: https://www.virustotal.com/nl/url/f7a6b9678998442bf5f41516370c280d22ced77c455aa87b2dfcefa9bfc6c783/analysis/1415550828/
Site is indeed vulnerable: Outdated Web Server Apache Found: Apache/2.2.25
Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips DAV/2 mod_bwlimited/1.4 (extensive header info proliferation, insecure!)
Checked here: http://www.site-scan.com/eng/show_headers.php?REQUEST=GET&URL=http://chivaroli.com/wp-content/themes/Chivaroli/&MODIFIED=0
Code hiccup: chivaroli dot com/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.10.4 benign
[nothing detected] (script) chivaroli dot com/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.10.4
status: (referer=chivaroli dot com/tag/los-angeles-county)saved 4289 bytes c56a854599cac0daace199ffe3501614d63dcb52
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined function e.extend
error: undefined variable e
suspicious:
error: s0.wp dot com/wp-content/js/devicepx-jetpack.js?ver=201445 benign
[nothing detected] (script) s0.wp dot com/wp-content/js/devicepx-jetpack.js?ver=201445
status: (referer=chivaroli dot com/tag/los-angeles-county)saved 9301 bytes 9dc3ad631d11a47a314782687d0cf4936fa0cc41
info: [decodingLevel=0] found JavaScript
error: undefined variable document.body.style
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var document.body.style = 1;
error: line:1: …^
See: http://jsunpack.jeek.org/?report=be5a59978592a8eecf6a4ec9ea81a060e7f649f3
Open above link in browser with NoScript extension active and inside a VM/sandbox!
XSS vuln: Results from scanning URL: htxp://chivaroli dot com/wp-content/plugins/mailchimp/js/mailchimp.js?ver=1.4.2
Number of sources found: 18
Number of sinks found: 9 Adding div element via !E.body.innerHTML -!
mailchimp protected with this code regular expression
{"ajax_url":"http:\/\/chivaroli.com\/"};
Results from scanning URL: //translate.google dot com/translate_a/element.js?cb=GoogleLanguageTranslatorInit
Number of sources found: 17
Number of sinks found: 11
Security Header Scan Summary:
Number of Happy Findings: 2
Number of Not As Happy Findings: 8
Percentage Happy Findings: 20%
Only XHR Cross Object Resource Sharing requests are prohibited & UTF-8 Character Encoding was found.
DNS is OK (one little hiccup): http://www.dnsinspect.com/chivaroli.com/1415551928
Also OK are the results of this report: http://toolbar.netcraft.com/site_report/?url=chivaroli.com%2Ftag%2Flos-angeles-county
Try to debug for this here: htxp://soliloquywp.com/docs/debugging-soliloquy/
Results from scanning external URL from within the site-code: htxp://www.7584.info/include/xoops.js
XSS vuln. e.name (JS Hidden-Link, HTML/Iframe.B.Gen virus & Trojan-Downloader.JS.Iframe.cvb could be associated with xoops.js, see http://www.cvedetails.com/vulnerability-list/vendor_id-1081/product_id-1876/Xoops-Xoops.html)
Number of sources found: 6
Number of sinks found: 6 - allows attackers to inject arbitrary web script or HTML via JavaScript in a DIV tag
This external site has outdated software: Outdated cPanel Found (cPanel Security): cPanel 11.23.6
Outdated Web Server Apache Found: vulnerabilities on Apache 1, Apache/1.3.41
Web application details:
Running cPanel 11.23.6: wXw.7584.info:2082
cPanel version 11.23.6 outdated: Upgrade required.
Outdated cPanel Found: cPanel 11.23.6
Outdated Web Server Apache Found: Apache/1.3.41
polonus (volunteer cold reconnaissance website security analyzer and error-hunter)
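Added example, not part of polonus's post and not the code of any scanner he quotes: a small Python check that does, offline, the two header-level things the post reports (the version-disclosing Server banner and the "happy / not as happy" security-header summary). The two raw HTTP responses inside it are constructed for the demo; only the Server string is taken from the banner quoted above, every other header (including the X-Powered-By value) is invented, and the list of expected headers and the pass/fail rules are this example's own assumptions, not the original scanner's.

```python
"""Security-header and version-disclosure check over a raw HTTP response.
Added example; sample responses are constructed (only the Server banner
mirrors the one reported in the post). Expected headers and pass rules
are assumptions for the demo, not the original scanner's rules."""
import re
from typing import Dict, List, Tuple

# A finding is "happy" when the header is present with an acceptable value.
EXPECTED_HEADERS = {
    "strict-transport-security": lambda v: "max-age=" in v.lower(),
    "content-security-policy": lambda v: bool(v.strip()),
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-xss-protection": lambda v: v.strip().startswith("1"),
    "referrer-policy": lambda v: bool(v.strip()),
}

# Matches "Product/version" tokens such as Apache/2.2.25 or OpenSSL/1.0.0-fips.
VERSION_RE = re.compile(r"\b([A-Za-z_][\w-]*)/(\d[\w.\-]*)")

# Constructed response: Server banner as reported, everything else invented.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips DAV/2 mod_bwlimited/1.4\r\n"
    "X-Powered-By: PHP/5.3.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed hardened counterpart: generic banner, all expected headers set.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "\r\n"
)


def parse_response(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP response into (status line, header dict).
    Header names are lower-cased; the body, if any, is ignored."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # tolerate stray lines instead of crashing
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers


def version_disclosures(headers: Dict[str, str]) -> List[str]:
    """Product/version tokens leaked by the Server and X-Powered-By headers."""
    leaks: List[str] = []
    for name in ("server", "x-powered-by"):
        for product, version in VERSION_RE.findall(headers.get(name, "")):
            leaks.append(f"{product}/{version}")
    return leaks


def summarize(raw: str) -> dict:
    """Happy / not-as-happy tally over the expected headers plus one
    extra finding for 'no version disclosed in the banner'."""
    status, headers = parse_response(raw)
    findings = {h: (h in headers and ok(headers[h]))
                for h, ok in EXPECTED_HEADERS.items()}
    leaks = version_disclosures(headers)
    findings["no-version-disclosure"] = not leaks
    happy = sum(findings.values())
    total = len(findings)
    return {
        "status": status,
        "happy": happy,
        "not_as_happy": total - happy,
        "percent_happy": round(100 * happy / total),
        "version_disclosures": leaks,
        "utf8_declared": "charset=utf-8" in headers.get("content-type", "").lower(),
        "missing_or_weak": sorted(h for h, ok in findings.items() if not ok),
    }


if __name__ == "__main__":
    for label, raw in (("as reported", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        r = summarize(raw)
        print(f"{label}: {r['happy']} happy / {r['not_as_happy']} not as happy "
              f"({r['percent_happy']}%), leaks: {r['version_disclosures']}")
```

Against the constructed "as reported" response the tally is 1 happy finding out of 7 (only X-Frame-Options passes) and the banner leaks six product/version tokens; the hardened response scores 7 of 7 and leaks nothing. Paste a real response captured with curl -i into the same function to repeat the check on a live host.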