Website cleansed of redirects, CMS still vulnerable!

See: http://killmalware.com/watarunfestival.com/#
CMS Word Press: WordPress Version
3.8.1
Version does not appear to be latest 4.4 - update now.
The theme has been found by examining the path /wp-content/themes/ theme name /

Rovita 2.1http://fthemes.com/rovita-free-wordpress-theme/
While plugins get a lot of attention when it comes to security vulnerabilities, themes are another source of security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers theme page for information about security related updates and fixes.

Configuration flaws: Warning User Enumeration is possible :o
The first two user ID’s were tested to determine if user enumeration is possible.

Retirable jQuery library detected: -http://www.watarunfestival.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://www.watarunfestival.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.10.2 : (active1) -http://www.watarunfestival.com/wp-includes/js/jquery/jquery.js?ver=1.10.2
(active) - the library was also found to be active by running code
1 vulnerable library detected (zip file for later reference and migrate)

polonus