Does We’re Open! have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is We’re Open! compatible with WordPress 6.9.4?

According to WordPress.org data, We’re Open! 2.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is We’re Open! compatible with PHP 5.2.4+?

We’re Open! requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is We’re Open! updated?

We’re Open! was last updated on Jan 4, 2026. Frequent updates are generally a positive security signal.

What is We’re Open!'s security score?

We’re Open! has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

We’re Open! Security & Risk Analysis

wordpress.org/plugins/opening-hours

Opening hours for your business, a joy to manage and highly customizable. Conditional excerpts; conditional/replacement text; Structured Data for SEO.

5K active installs v2.6 PHP 5.2.4+ WP 5.3+ Updated Jan 4, 2026

business-hoursopen-hoursopen-timesopening-hoursopening-times

A · Safe

CVEs total5

Unpatched0

Last CVEFeb 27, 2023

Plugin page Download

Safety Verdict

Is We’re Open! Safe to Use in 2026?

Generally Safe

Score 99/100

We’re Open! has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

5 known CVEsLast CVE: Feb 27, 2023Updated 4mo ago

Risk Assessment

The 'opening-hours' plugin v2.6 presents a mixed security posture. On the positive side, the static analysis indicates strong adherence to WordPress security best practices with a high percentage of properly escaped output, a significant number of nonce and capability checks, and no identified dangerous functions. The absence of unpatched CVEs and a lack of critical or high-severity vulnerabilities in its history are also reassuring signs. However, the presence of 3 SQL queries that do not use prepared statements is a notable concern, as this can be a gateway for SQL injection vulnerabilities if not handled with extreme care in all contexts. Additionally, the two identified flows with unsanitized paths, while not categorized as critical or high in the taint analysis, warrant careful review as they represent potential vectors for unexpected behavior or information disclosure.

Key Concerns

SQL queries without prepared statements
Flows with unsanitized paths detected

Vulnerabilities

5 published

We’re Open! Security Vulnerabilities

CVEs by Year

2 CVEs in 2022

2022

3 CVEs in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

5 total CVEs

CVE-2023-25964medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

We’re Open! <= 1.46 - Authenticated (Administrator+) Stored Cross-Site Scripting

Feb 27, 2023 Patched in 1.47 (330d)

CVE-2023-25067medium · 4.3Cross-Site Request Forgery (CSRF)

We’re Open! <= 1.45 - Cross-Site Request Forgery

Feb 2, 2023 Patched in 1.46 (355d)

WF-82f4ad21-bc55-4daf-bc46-90969dcbabdd-opening-hoursmedium · 4.3Missing Authorization

We’re Open! <= 1.44 - Missing Authorization

Feb 1, 2023 Patched in 1.45 (356d)

CVE-2022-3139medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

We’re Open! <= 1.41 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 20, 2022 Patched in 1.42 (490d)

WF-0004db27-9ea6-4387-ab1d-b95558784ed9-opening-hoursmedium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

We’re Open! <= 1.37 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 9, 2022 Patched in 1.38 (501d)

Version History

We’re Open! Release Timeline

v2.6Current

v2.5

v2.4

v2.3

v2.2

v2.1

v2.0

v1.67

v1.66

v1.65

v1.64

v1.63

v1.62

v1.61

v1.60

v1.59

v1.58

v1.57

v1.56

v1.55

Code Analysis

Analyzed Mar 16, 2026

We’re Open! Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

557 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared3 total queries

Output Escaping

93% escaped600 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

admin_ajax (index.php:1024)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

We’re Open! Attack Surface

Entry Points9

Unprotected0

Shortcodes 9

[closed_now] index.php:620

[open] index.php:621

[open_not_special] index.php:622

[open_now] index.php:623

[open_special] index.php:624

[open_text] index.php:625

[opening_hours] index.php:626

[opening_hours_text] index.php:627

[we_are_open] index.php:628

WordPress Hooks 17

actionwpcron.php:16

actionwe_are_open_runcron.php:17

actionadmin_menuindex.php:590

actionadmin_enqueue_scriptsindex.php:591

actionadmin_enqueue_scriptsindex.php:592

actionadmin_noticesindex.php:594

actionwidgets_initindex.php:595

actioninitindex.php:596

filterplugin_action_linksindex.php:598

filterplugin_row_metaindex.php:599

actionwp_enqueue_scriptsindex.php:632

actionwp_enqueue_scriptsindex.php:637

actionwp_headindex.php:644

actioninitindex.php:647

actionupgrader_process_completeopening-hours.php:48

actionadmin_enqueue_scriptswidget.php:172

actionadmin_enqueue_scriptswidget.php:173

Scheduled Events 3

we_are_open_run

Maintenance & Trust

We’re Open! Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 4, 2026

PHP min version5.2.4

Downloads126K

Community Trust

Rating100/100

Number of ratings44

Active installs5K

Alternatives

We’re Open! Alternatives

Business Hours Indicator

business-hours-indicator

100

Display opening hours and if you're currently open/closed, with countdown to next opening. Show or hide content only when open/closed & more!

8K 1 CVE

Stylish Business Hours

stylish-business-hours

With a sleek design, Stylish Business Hours lets you display your hours in style. Show your opening times however you want and indicate if you're …

60 No CVEs

Gellum Business Hours for WooCommerce

gellum-business-hours

100

Manage your WooCommerce store's business hours. Disable checkout and display notices when the store is closed, indicating the next opening time.

20 No CVEs

Bitkit Opening Hours & Holidays

bitkit-opening-hours-holidays

100

Manage and display business opening hours, holidays and vacation periods with shortcodes, a Gutenberg block, a widget and JSON-LD structured data.

10 No CVEs

Business Open Hours Master

business-open-hours-master

Creates an easy to manage list of open and closing business hours.

10 No CVEs

Developer Profile

We’re Open! Developer Profile

Noah Hearle

2 plugins · 25K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

344 days

View full developer profile

Detection Fingerprints

How We Detect We’re Open!

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/opening-hours/style.css/wp-content/plugins/opening-hours/js/main.js

Script Paths

/wp-content/plugins/opening-hours/js/main.js

Version Parameters

opening-hours/style.css?ver=opening-hours/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes

opening-hours-widget

HTML Comments

Data Attributes

data-opening-hours-settings

JS Globals

we_are_open_params

Shortcode Output

[opening_hours]

FAQ