Site endangered by outdated CMS and already compromised?

See: Web application details:
Application: WordPress 3.5.1 - http://www.wordpress.org
Running cPanel 11.44.1.18: wXw.autoamica.net:2082

Web application version:
WordPress version: WordPress 3.5.1
Wordpress Version 3.5 based on: htxp://www.autoamica.net/wp-admin/js/common.js
All in One SEO Pack version: 1.6.15.3 *
WordPress directory: htxp://www.autoamica.net/wp-content
WordPress theme: htxp://www.autoamica.net/wp-content/themes/autoamica/
Wordpress internal path: /home/autoamic/public_html/wp-content/themes/autoamica/index.php
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 3.9.1

pol

Outdated Joomla led here to SEO visitors redirect to
SE visitors redirects
Visitors from search engines are redirected
to: htxp://tinyurl.com/lcev3uh
457 sites infected with redirects to this URL
Missed at VT, & here: http://quttera.com/detailed_report/textspirit.com
ISSUE DETECTED DEFINITION VULNERABLE HEADER
Outdated Joomla Found Security Announcements Joomla under 2.5.20 or 3.3

IP blacklisted here: http://www.ip-finder.me/85.13.142.143/

IP badness history: https://www.virustotal.com/nl/ip-address/85.13.142.143/information/

ambiguities exploitable for OpenSSH 5.3p1 Debian 3ubuntu7.1 (Ubuntu Linux; protocol 2.0)
NLNet Labs Unbound DNS resolver - everything seems fine: http://dnscheck.pingdom.com/?domain=textspirit.com&timestamp=1411590894&view=1
T+0.65s WARNING: your DNS servers originate from only one autonymous system (network). Locating DNS servers on multiple networks will improve resilience → DNS server NS5.KASSERVER.COM has IPv4 address 85.13.128.3

Vulnerability found for indexer.php not flagged by VT: http://www.securityfocus.com/bid/31726/discuss

So there is some work to be done on the website security front.

On tiny URL abuse read: http://www.experts-exchange.com/Software/Anti-Virus/Q_28169779.html
going here htxp://tags.expo9.exponential.com/tags/TinyURLcom/ROS/tags.js
being blocked by an extension for me.

pol