A recent analysis discovered a malicious plugin injected into a WordPress/WooCommerce website that creates a fake administrator user and injects credit card skimming JavaScript into the checkout page.