Site only blacklisted or also compromised?

Outdated CMS found: Web application version:
WordPress version: WordPress 3.5.1
Wordpress Version 3.5 based on: htxp://www.voyancepartelephone.info//wp-admin/js/common.js
WordPress theme: htxp://www.venusvoyance.com/wp-content/themes/v2/
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 4.0
Analysis SEO: http://website-analyzer.co.uk/audit/voyancegratuiteimmediate.fr/
This scanner gives it as clean: http://quttera.com/detailed_report/voyancepartelephone.info

Error: http://www.dnsinspect.com/voyancepartelephone.info/1415229557

Only 43% secure: http://www.7ools.com/www/voyance-gratuite.info
These results not helping security: http://sameid.net/ip/94.125.167.33/ → 55 websites with IP 94.125.167.33

Vulnerability on server: http://www.gentoo.org/security/en/glsa/glsa-201408-11.xml?style=printable
XSS vulnerable: Results from scanning URL: htxp://www.venusvoyance.com/wp-content/themes/v2/forms/70sites.js
Number of sources found: 38
Number of sinks found: 21

Results from scanning URL: htxp://www.venusvoyance.com/wp-content/themes/v2/forms/70sites.js
Number of sources found: 12
Number of sinks found: 3 →
e.g. document.cookie=“disclaimerok=oui;path=/;”; → changing of user settings, cookie theft/poisoning, or false advertising is possible

Use security components →

The primary defenses against XSS are described in the OWASP XSS Prevention Cheat Sheet.

Also, it’s crucial that you turn off HTTP TRACE support on all webservers. An attacker can steal cookie data via Javascript even when document.cookie is disabled or not supported on the client. This attack is mounted when a user posts a malicious script to a forum so when another user clicks the link, an asynchronous HTTP Trace call is triggered which collects the user’s cookie information from the server, and then sends it over to another malicious server that collects the cookie information so the attacker can mount a session hijack attack. This is easily mitigated by removing support for HTTP TRACE on all webservers.

quote info credits go yp owasp redactor(s).

Als info header security scan results: Summary
Number of Happy Findings: 2
Number of Not As Happy Findings: 8
Percentage Happy Findings: 20% scan at: https://securityheaders.com/test-http-headers.php

pol