Hi CCV,

Try to explain to you as best I can. I have fed the site url to jsunpack, a javascript unpacker tool and javascript malcode analyzer, meant for security researchers. Everything I found was benign…
What I reported there is a what I myself will call some “code hick-up”. It is flagged “suspicious” as the code takes somewhat longer to perform as expected - max runtime is exceeded by 10 seconds, probably because of errors for that ui.core.js code in Firefox, but also kicks some errors in IE. The particular problem in IE is being reported here by “mssbee”, read: http://wordpress.org/support/topic/plugin-vslider-fix-if-you-get-an-error-with-ie
Most Content Management Software problems do not arise from the core software as this is often and regularly checked against insecurities and therefore comes fully updated and patched. It is free plug-ins and themes where the exploitable and code that can be abused/hacked is found.
Javascript coding is performed with more security in mind nowadays, but time pressure for developers and the need to “bend some curves” for better code performance under all circumstances and browser differences will make that we see such issues appear and sometimes they create exploitable situations that could lead to infestations of sorts. Here I get a “proxy-revalidate, must-revalidate” with this application/javascript.
Well we can establish there is no malcode there: http://wepawet.iseclab.org/view.php?hash=cccebf64ae63c98b561cba49624fa288&t=1394976349&type=js
See response headers here: https://www.virustotal.com/nl/url/ff6433dee42ac2f59298298fab6fd0474926c47a9132d7661b7686508ce16b30/analysis/1394976419/

The variable must be set before allowing it to echo, that is why we get the error : https://www.virustotal.com/nl/url/ff6433dee42ac2f59298298fab6fd0474926c47a9132d7661b7686508ce16b30/analysis/1394976419/

The behavior of

 var $.fn = 1; 

is quirky across browsers - it is a funcrtion pointer that you actually do not see in javascript.

But these are issues that should not be worrying you, but that should be a concern for the jQuery developers.

Hope that you understand now that analyzing website malcode is a rather complicated business, it is very very interesting stuff.
So it was fun to dive a little further into this for you. Have a nice day and stay safe and secure,

Damian