Hackers Exploit Obscure WordPress Plugin to Steal Payment Data