Where we seen it: http://urlquery.net/report/3625330e-5d26-4f26-8d47-1e0699ed00ab
WordPress Version
4.7.5
Version does not appear to be latest

alpine-photo-tile-for-instagram
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version

Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 EDITOR swillock
2 None None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.available and check the developers plugin page for information about security related updates and fixes.

GoDaddy abuse: 9 flag: https://www.virustotal.com/pl/url/bc621dd0c732949b51e813248dfd83f1c4ff59e6add9c6711fbb85779fd3b889/analysis/1500761471/

Domain has malware: https://quttera.com/detailed_report/btsnob.com

Known javascript malware. Details: http://sucuri.net/malware/entry/MW:JS:GEN2?web.js.malware.fake_jquery.002

3 vuln. jQuery libraries: http://retire.insecurity.today/#!/scan/968e2f96f39e00cd5a0054612aa58beed96cd881a37b11be5f2ae0a8a77d7f91
Re: http://urlquery.net/report/3625330e-5d26-4f26-8d47-1e0699ed00ab

This blocked for me by uMatrix: -http://clickcdn.shareaholic.com/api/vglnk.js
Just the one flagged here as with missing SRI-hash: https://sritest.io/#report/3e27d2bb-903a-4177-a4b4-fb56cdd33e29
as is “twentyfourteen-lato-css” compromittal from “-domenico.augliera.it/js/jquery.min.php?utt=G91825&utm=”.

polonus (volunteer website security analyst and website error-hunter)

Another outdated Word Press site with jQuery problems: http://isithacked.com/check/gadingbola.net
See: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=gadingbola.net&ref_sel=GSP2&ua_sel=ff&fs=1
Malicious site and PHISHING-site: https://www.virustotal.com/pl/url/f1286b25927020af2bcaff987ca27ec7283780178bd04718d62de9d140c866d5/analysis/1500825636/
Re: https://sitecheck.sucuri.net/results/gadingbola.net & https://sitecheck.sucuri.net/results/gadingbola.net

4 jQuery libraries to be retired: http://retire.insecurity.today/#!/scan/f037913b968a106772e5e0ce9a7d8edbdc9e2a3b17798963a012bf8e797d8e0e

See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fgadingbola.net
in particular: Results from scanning URL: -https://stats.wp.com/e-201729.js
Number of sources found: 38
Number of sinks found: 21

Also error kicked up by -gadingbola.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
through a misplaced ending brace, creating a nesting function… (pol).
One could check sec-abstract-equality-comparison

if (variable == null){
    // your code here.
}

Read: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Comparison_Operators
Info credits go to StackOverflow’s Sarfraz.

polonus (volunteer website security analyst and website error-hunter)