Mining your Social Media website vulnerable to DROWn and more insecurities found

Ready for the Hall of Shame?
Unbelievable this site being vulnerable to DROWn: https://test.drownattack.com/?site=https%3A%2F%2Fdatabricks.com%2F
One of the firms for data mining that the CIA invested in to spot so-called ‘insider threats’.
The snooper and In-Q-Tel partner website uses old WordPress plug-in: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

google-analyticator 6.4.9.6 latest release (6.4.9.7) Update required
http://www.videousermanuals.com/google-analyticator/

Configuration issue: Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 Jake Bellacera admin
2 None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Warnings
BEAST
The BEAST attack is not mitigated on this server.

Retirable jQuery code: -https://databricks.com
Detected libraries:
jquery - 1.11.1 : (active1) -https://databricks.com/wp-content/themes/databricks/assets/js/vendor.js?ver=2.71.1
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
handlebars.js - 3.0.1 : (active1) -https://databricks.com
Info: Severity: medium
https://github.com/wycats/handlebars.js/pull/1083
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

polonus (volunteer website security analyst and website error-hunter)

For a background read: https://theintercept.com/2016/04/14/in-undisclosed-cia-investments-social-media-mining-looms-large/

Another such site is into cloud server security, well see the status for their response header security.
F-Status: https://securityheaders.io/?q=https%3A%2F%2Fwww.cloudpassage.com%2F
and too bad to be true - 11 issues here: https://sritest.io/#report/7be419b7-a50d-4427-8bad-27b0f87cdf00
Warnings
BEAST
The BEAST attack is not mitigated on this server.
WordPress security seems OK.

Nameserver version exposed :o http://www.dnsinspect.com/cloudpassage.com/1460753837
“9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7” etc.

I think the main line here is security through obscurity. See http transactions here: https://urlquery.net/report.php?id=1460754586933
and http://toolbar.netcraft.com/site_report?url=http://104.130.65.166

Various ad- and tracking servers come blocked for me: -http://go.toutapp.com/ etc.

Also copnsider the DROWn vulnerability here: https://test.drownattack.com/?site=wpengine.com
→ RACKSPACE - Rackspace Hosting,US San Antonio Texas, 104.130.65.166
-https://wpengine.com/
Detected libraries:
jquery - 2.2.0 : -https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js
jquery-ui-dialog - 1.9.2 : -https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js
Info: Severity: medium
http://bugs.jqueryui.com/ticket/6016
jquery-ui-autocomplete - 1.9.2 : -https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js
jquery-ui-tooltip - 1.9.2 : -https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js
Info: Severity: high
http://bugs.jqueryui.com/ticket/8859
jquery - 1.6.4 : -https://cdn.optimizely.com/js/836340079.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
3 vulnerable libraries detected

polonus