Website cleansed but still with WP issues and retirable jQuery!

The website has been cleansed of malware by it’s Dutch hoster, Antagonist B.V…
http://zulu.zscaler.com/submission/show/aabc50d4ea8c4e5db18b9b950f3578c4-1456873107
Website is malware free now, but some vulnerabilities remain:
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

js_composer Price: $34
Visual Composer Page Builder Plugin for WordPress,.
Free contact-form-7 4.4 latest release (4.4)
http://contactform7.com/
SD-mobile-nav Unknown?
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

Retirable jQuery code: http://sandrameijer.nl/
Detected libraries:
jquery-migrate - 1.2.1 : -http://sandrameijer.nl/wp-includes/js/jquery/jquery-migrate.min.js?ver=8ec8bd7160a5b729cae002ed580e36cd
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : (active1) -http://sandrameijer.nl/wp-includes/js/jquery/jquery.js?ver=8ec8bd7160a5b729cae002ed580e36cd
(active) - the library was also found to be active by running code
1 vulnerable library detected

Slight SRI issue: Missing SRI hash third party.

Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.
50% of the trackers on this site could be protecting you from NSA snooping. Tell sandrameijer.nl to fix it.

Malware has been cleansed within a couple of hours :stuck_out_tongue:
No vulnerable server: http://toolbar.netcraft.com/site_report?url=http://sandrameijer.nl

polonus (volunteer website security analyst and website error-hunter)