Detected via cold reconnaissance third party scanning.
See: https://asafaweb.com/Scan?Url=vacationet.com%2Fresort.php%3Fid%3D2
Custom errors fail and two warnings. Not given as under threat: https://sitecheck.sucuri.net/results/vacationet.com#blacklist-status
But look here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fvacationet.com%2Fresort.php%3Fid%3D2
Vulnerable = http://vacationet.com/js/jquery.validate.min.js vulnerability over 4 years old: http://sijmen.ruwhof.net/weblog/256-cross-site-scripting-in-millions-of-web-sites → http://packetstormsecurity.com/files/128116/jquery142-xss.txt
Also found on this site JQuery 1.4.2.

“Why website security should always be a last resort issue?” : :o

polonus

Interesting background read here: http://premium.wpmudev.org/blog/7-deadly-sins-of-wordpress-development/
link article author = By Sarah Gooding
And please folks start to use the latest updater: https://wordpress.org/plugins/jquery-updater/
Requires: 3.9 or higher
Compatible up to: 4.2.1 (author = Ramoonus)

polonus