WP-Safety

BigBad Store Hours Security & Risk Analysis

wordpress.org/plugins/bigbad-store-hours

Show whether your store is open or closed (and when it closes) using shortcodes, plus an optional floating status bar.

0 active installs v1.4.4 PHP 7.0+ WP 6.0+ Updated Unknown
business-hoursopening-hoursshortcodestore-hourswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is BigBad Store Hours Safe to Use in 2026?

Generally Safe

Score 100/100

BigBad Store Hours has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "bigbad-store-hours" v1.4.4 plugin exhibits a generally strong security posture, with no known vulnerabilities or critical issues identified in its history. The static analysis reveals a small attack surface composed solely of shortcodes, and importantly, no unprotected entry points were found. The code also demonstrates good practices regarding SQL queries, exclusively using prepared statements, and includes a nonce check and a capability check, indicating a conscious effort towards security.

However, a significant concern arises from the output escaping, with only 57% of outputs being properly escaped. This leaves a substantial portion of potentially user-controlled or dynamically generated content vulnerable to cross-site scripting (XSS) attacks if not handled carefully by themes or other plugins. While taint analysis found no specific unsanitized flows in this version, the lack of comprehensive output escaping represents a potential weakness that could be exploited.

In conclusion, the plugin's strengths lie in its limited attack surface and secure handling of SQL. The primary area for improvement and a potential risk factor is the incomplete output escaping. The absence of past vulnerabilities is a positive indicator, but the identified output escaping issue warrants attention.

Key Concerns

  • Incomplete output escaping (43% unescaped)
Vulnerabilities
None known

BigBad Store Hours Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

BigBad Store Hours Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
86
114 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

57% escaped200 total outputs
Attack Surface

BigBad Store Hours Attack Surface

Entry Points5
Unprotected0

Shortcodes 5

[bbsh_store_hours] includes\render.php:6
[bbsh_open_hours] includes\render.php:7
[bbsh_store_hours_today] includes\shortcodes.php:108
[bbsh_store_hours_table] includes\shortcodes.php:111
[bbsh_store_hours_countdown] includes\shortcodes.php:112
WordPress Hooks 7
actionadmin_menuincludes\admin.php:4
actionadmin_enqueue_scriptsincludes\admin.php:5
actionwp_body_openincludes\render.php:242
actionwp_footerincludes\render.php:244
actionwp_loadedincludes\woo.php:4
actionwoocommerce_before_cartincludes\woo.php:9
actionwoocommerce_before_checkout_formincludes\woo.php:12
Maintenance & Trust

BigBad Store Hours Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedUnknown
PHP min version7.0
Downloads124

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

BigBad Store Hours Alternatives

Open Close Store for WooCommerce – Business Hours Schedules Manager

Open Close Store for WooCommerce – Business Hours Schedules Manager

woc-open-close

D
49

Easily set business hours and automatically open or close your WooCommerce shop or store based on customizable schedules and shifts.

700 2 unpatched
Gellum Business Hours for WooCommerce

Gellum Business Hours for WooCommerce

gellum-business-hours

A
100

Manage your WooCommerce store's business hours. Disable checkout and display notices when the store is closed, indicating the next opening time.

10 No CVEs
HappyCoders Store Hours for WooCommerce

HappyCoders Store Hours for WooCommerce

happycoders-store-hours-for-woocommerce

A
100

Automatically disable WooCommerce checkout and orders outside your business hours. Perfect for restaurants, delivery stores and local businesses.

0 No CVEs
YITH WooCommerce Ajax Search

YITH WooCommerce Ajax Search

yith-woocommerce-ajax-search

A
95

YITH WooCommerce Ajax Search allows your users to search products in real time.

40K 4 CVEs
Ultimate FAQ Accordion Plugin

Ultimate FAQ Accordion Plugin

ultimate-faqs

A
89

Full-featured FAQ and accordion plugin with advanced search, simple UI and easy-to-use FAQ blocks and shortcodes.

30K 6 CVEs
Developer Profile

BigBad Store Hours Developer Profile

Jordan Alexander

4 plugins · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BigBad Store Hours

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bigbad-store-hours/assets/css/admin.css/wp-content/plugins/bigbad-store-hours/assets/js/admin.js/wp-content/plugins/bigbad-store-hours/assets/css/store-hours.css/wp-content/plugins/bigbad-store-hours/assets/js/store-hours.js
Script Paths
/wp-content/plugins/bigbad-store-hours/assets/js/admin.js/wp-content/plugins/bigbad-store-hours/assets/js/store-hours.js
Version Parameters
bigbad-store-hours/assets/css/admin.css?ver=bigbad-store-hours/assets/js/admin.js?ver=bigbad-store-hours/assets/css/store-hours.css?ver=bigbad-store-hours/assets/js/store-hours.js?ver=

HTML / DOM Fingerprints

CSS Classes
bbsh-oh-colorbba-cardbba-rowbba-colbba-mutedbba-pro-badgebba-gridbba-preview+5 more
HTML Comments
<!-- Admin CSS for BigBad Store Hours --><!-- Admin JS for BigBad Store Hours --><!-- Plugin Name: BigBad Store Hours --><!-- Store Hours Bar -->+1 more
Data Attributes
data-bbsh-bardata-bbsh-widget
JS Globals
bbsh_oh_admin_params
Shortcode Output
[bigbad_store_hours][bbsh_store_hours]
FAQ

Frequently Asked Questions about BigBad Store Hours