Re: https://urlhaus.abuse.ch/url/437147/ infesting with emotet and heodo.
Word Press version should be updated.
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.
Plugin Update Status About
contact-form-7 5.2 Warning latest release (5.2.1)
https://contactform7.com/
wp-smushit 3.6.3 Current latest release (3.6.3)
http://wordpress.org/plugins/wp-smushit/
cookie-law-info 1.8.9 Warning latest release (1.9.0)
https://www.webtoffee.com/product/gdpr-cookie-consent/
jetpack 8.7.1 Warning latest release (8.8.2)
https://jetpack.com
wordpress-seo 14.6.1 Warning latest release (14.8)
https://yoa.st/1uj
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.
There are likely more plugins installed than those listed here as the detection method used here is passive. While these results give an indication of the status of plugin updates, a more comprehensive assessment should be undertaken by brute forcing the plugin paths using a dedicated tool.
DOM-XSS results from scanning URL: -https://stats.wp.com/e-202034.js
Number of sources found: 58
Number of sinks found: 45
&
Results from scanning URL: -https://stats.wp.com/e-202034.js
Number of sources found: 112
Number of sinks found: 70
User-name admin-pm (not disabled).
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)