WP-Safety

Bitkit Opening Hours & Holidays Security & Risk Analysis

wordpress.org/plugins/bitkit-opening-hours-holidays

Manage and display business opening hours, holidays and vacation periods with shortcodes, a Gutenberg block, a widget and JSON-LD structured data.

10 active installs v1.0.1 PHP 8.1+ WP 6.4+ Updated Dec 11, 2025
blockbusiness-hoursholidaysopening-hourswidget
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Bitkit Opening Hours & Holidays Safe to Use in 2026?

Generally Safe

Score 100/100

Bitkit Opening Hours & Holidays has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "bitkit-opening-hours-holidays" plugin v1.0.1 demonstrates a generally good security posture with no known vulnerabilities or critical issues identified in the provided data. The plugin adheres to several security best practices, including the absence of dangerous functions and all SQL queries utilizing prepared statements. It also performs nonce checks and capability checks, indicating an effort to protect against common WordPress exploits. The limited attack surface with zero unprotected entry points is a significant strength.

However, the static analysis did reveal a potential concern with unsanitized paths identified in the taint analysis. While no critical or high severity issues were found, this single unsanitized path warrants attention as it could potentially be exploited under specific circumstances, though its exploitability is not confirmed as high. The high percentage of properly escaped output (73%) is a positive sign, but it also implies that 27% of outputs are not properly escaped, which could lead to XSS vulnerabilities if user-supplied data is involved in these unescaped outputs.

Given the lack of historical vulnerabilities, the plugin appears to be maintained with security in mind. The strengths lie in its low attack surface, use of prepared statements, and basic security checks. The weaknesses are primarily related to the potential for an unsanitized path and a notable percentage of unescaped output. Overall, the plugin appears relatively safe, but the identified taint flow and unescaped outputs suggest areas for improvement to achieve a more robust security profile.

Key Concerns

  • Flows with unsanitized paths
  • Unescaped output (27% of total)
Vulnerabilities
None known

Bitkit Opening Hours & Holidays Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Bitkit Opening Hours & Holidays Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
43
117 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

73% escaped160 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
render (src\Admin\SettingsPage.php:280)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Bitkit Opening Hours & Holidays Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
actionadmin_noticesbitkit-opening-hours-holidays.php:60
actionplugins_loadedbitkit-opening-hours-holidays.php:124
actioninitbitkit-opening-hours-holidays.php:134
actionadmin_enqueue_scriptsbitkit-opening-hours-holidays.php:145
actionwp_enqueue_scriptsbitkit-opening-hours-holidays.php:152
actionadmin_menusrc\Admin\SettingsPage.php:24
actionadmin_initsrc\Admin\SettingsPage.php:25
actionadmin_enqueue_scriptssrc\Admin\SettingsPage.php:26
actioninitsrc\Frontend\Block.php:12
actionwp_enqueue_scriptssrc\Frontend\Block.php:13
actionenqueue_block_editor_assetssrc\Frontend\Block.php:15
actionwp_enqueue_scriptssrc\Frontend\Shortcode.php:11
actionwidgets_initsrc\Frontend\Widget.php:20
actioninitsrc\Plugin.php:64
filterbkohh/is_prosrc\Plugin.php:67
filterbkohh/capabilitysrc\Plugin.php:68
actionbkohh/settings_savedsrc\Plugin.php:80
Maintenance & Trust

Bitkit Opening Hours & Holidays Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 11, 2025
PHP min version8.1
Downloads166

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Bitkit Opening Hours & Holidays Alternatives

SiteOrigin Widgets Bundle

SiteOrigin Widgets Bundle

so-widgets-bundle

A
95

Essential elements for modern websites. Add buttons, sliders, heroes, maps, images, carousels, features, icons, more. Create dynamic pages easily.

400K 11 CVEs
Widget Logic

Widget Logic

widget-logic

A
95

Widget Logic lets you control on which pages widgets appear using WP's conditional tags.

100K 2 CVEs
Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets

Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets

widget-options

C
52

0ddcemmihs4a843ekhaoofzosrunf4bl Widget Options gives you super powers to control your site’s sidebar widgets and all Gutenberg blocks on pages, posts …

100K 1 unpatched
Spotlight Social Feeds – Block, Shortcode, and Widget

Spotlight Social Feeds – Block, Shortcode, and Widget

spotlight-social-photo-feeds

A
98

Instagram feeds made easy. Responsive, customizable, accessible, and SEO-friendly out of the box. Includes Instagram blocks & oEmbed support.

60K 3 CVEs
WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder

WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder

wdesignkit

A
96

3000+ Elementor Templates, Gutenberg Templates, Widgets Builder for Elementor, Gutenberg & Bricks, Cloud Workspace & Figma Files, 160+ Widgets Library

30K 3 CVEs
Developer Profile

Bitkit Opening Hours & Holidays Developer Profile

bitkit

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Bitkit Opening Hours & Holidays

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bitkit-opening-hours-holidays/assets/admin/admin.css/wp-content/plugins/bitkit-opening-hours-holidays/assets/admin/admin.js
Script Paths
/wp-content/plugins/bitkit-opening-hours-holidays/assets/admin/admin.js
Version Parameters
bitkit-opening-hours-holidays/assets/admin/admin.css?ver=bitkit-opening-hours-holidays/assets/admin/admin.js?ver=bitkit-opening-hours-holidays/assets/icons/material-symbols.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-nonce="bkohh_admin"
JS Globals
BKOHH_ADMIN
FAQ

Frequently Asked Questions about Bitkit Opening Hours & Holidays