VULNERABILITY DETAILS
Many regular users save their debit/credit card information into their chrome browsers to save time on the internet. Most sites are able to obscure the saved card information at checkout so that the system cannot be abused. However a number of websites, Wordpress.com in this example, no not properly obscure the card number saved on chrome. Even if the card number is obscured on other websites, a trial and error method can be used on these sites, with chromes card suggestion to indicate when a correct number was chosen. This vulnerability would provide a user a clear and easy path to obtain any of the card details stored on the system. The card information could be used on any site that does not require a cvv( amazon) or could be used in social engineering to gather more information about the card holder.

This exploit could be used physically on any system that was left logged in, which is common practice for many users. In addition, this vulnerability could be used remotely on computers that have been infected with malware. Although in both of these cases the computer is already compromised, the vulnerability provides a direct path to card information; this will make the system compromise even more dangerous. 

This problem could be fixed by having the suggested card number display after 4 digits have been entered. This would slow down the trial and error method of obtaining the card number. In addition the procedure for when the card number is given to the site could be altered so that the user would not get access to card information when using the auto complete service.
VERSION
Chrome Version: 49.0.2623.87 m stable
 
Operating System: Windows 7

REPRODUCTION CASE
Steps to reproduce:
  1. Log onto a chrome account with debt/credit card details saved
  2. Proceed to check out any product that costs money
  3.At check when entering a card number the site is able to populate the entire card number from selecting any of the saved cards

Can also be done through trial and error on sites that do not display the entire card number. To do this one could guess random numbers with the auto complete option popping up when the number chosen was correct.