Vulnerable website also malicious. AOS does not flag!

See: http://killmalware.com/karolinaskorek.com/#
See: https://www.virustotal.com/en/url/1ae91a935a06984ce090ec07a5cb8c3b887f876f495847c0b27cb62a4360252e/analysis/
We see a lot of these infections lately: Known javascript malware. Details: http://sucuri.net/malware/entry/mw:js:gen2?web.js.injection.megaadvertize.001 6 instances of it detected: https://sitecheck.sucuri.net/results/karolinaskorek.com

Bitdefender TrafficLight flags website as malicious.

Re: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fkarolinaskorek.com%2Fwp-content%2Fplugins%2Fwp-lightbox-2%2Fwp-lightbox-2.min.js%3Fver%3Df9612a7ea3e8952c720a7c58bfc05e06
This plug-in code comes with a wp-lightbox-2.min.js bad request error!

Web application version:
WordPress version: Powered by Visual Composer - drag and drop page builder for WordPress.
WordPress theme: -http://karolinaskorek.com/wp-content/themes/wpex-photopro/
Outdated Web Server Nginx Found: nginx/0.5.36

The following plugins were detected by reading the HTML source of the WordPress sites front page.

photomosaic-for-wordpress
js_composer
column-shortcodes 0.6.6 latest release (0.6.6)
http://www.codepresshq.com/wordpress-plugins/shortcode-columns/
wp-lightbox-2 latest release (3.0.6.2)
http://wpdevart.com/wordpress-lightbox-plugin

Vulnerable retirable jQuery libraries: -http://karolinaskorek.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://karolinaskorek.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=f9612a7ea3e8952c720a7c58bfc05e06
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : (active1) -http://karolinaskorek.com/wp-includes/js/jquery/jquery.js?ver=f9612a7ea3e8952c720a7c58bfc05e06
jquery.prettyPhoto - 3.1.5 : -http://karolinaskorek.com/wp-content/plugins/photomosaic-for-wordpress/js/jquery.photoMosaic.js?ver=f9612a7ea3e8952c720a7c58bfc05e06
Info: Severity: high
https://github.com/scaron/prettyphoto/issues/149
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
mustache.js - 0.3.1 : -http://karolinaskorek.com/wp-content/plugins/photomosaic-for-wordpress/js/jquery.photoMosaic.js?ver=f9612a7ea3e8952c720a7c58bfc05e06
Info: Severity: high
https://github.com/janl/mustache.js/issues/112
Info: Severity: medium
https://github.com/janl/mustache.js/releases/tag/v2.2.1
https://github.com/janl/mustache.js/pull/530
(active) - the library was also found to be active by running code
3 vulnerable libraries detected

One SRI issue: Missing SRI hash

polonus