Does Store Hours for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Store Hours for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Store Hours for WooCommerce compatible with WordPress 6.8.5?

According to WordPress.org data, Store Hours for WooCommerce 4.3.24 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Store Hours for WooCommerce compatible with PHP 5.6+?

Store Hours for WooCommerce requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Store Hours for WooCommerce updated?

Store Hours for WooCommerce was last updated on Oct 14, 2025. Frequent updates are generally a positive security signal.

What is Store Hours for WooCommerce's security score?

Store Hours for WooCommerce has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Store Hours for WooCommerce Security & Risk Analysis

wordpress.org/plugins/order-hours-scheduler-for-woocommerce

Create Custom Open & Close Store Schedules for Automatically Enabling & Disabling Customer Checkout Functionality for WooCommerce.

2K active installs v4.3.24 PHP 5.6+ WP 3.0+ Updated Oct 14, 2025

closing-timeopening-closing-timeopening-timewoocommercewoocommerce-open-close

A · Safe

CVEs total1

Unpatched0

Last CVESep 25, 2024

Plugin page Download

Safety Verdict

Is Store Hours for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Store Hours for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 25, 2024Updated 5mo ago

Risk Assessment

The 'order-hours-scheduler-for-woocommerce' plugin v4.3.24 presents a mixed security posture. Static analysis indicates a commendable lack of direct attack vectors like unprotected AJAX handlers, REST API routes, or shortcodes. Furthermore, all SQL queries utilize prepared statements, and there are no external HTTP requests, which are positive signs. However, a significant concern is the low percentage of properly escaped output (31%), indicating a potential for Cross-Site Scripting (XSS) vulnerabilities where user-supplied data might be rendered without adequate sanitization.

Taint analysis revealed no vulnerabilities, which is encouraging. Despite this, the plugin has a history of one medium severity vulnerability, specifically an "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", which was last patched on 2024-09-25. This indicates that while vulnerabilities have been addressed, the underlying potential for XSS due to insufficient output escaping remains a concern and has manifested in the past.

In conclusion, while the plugin demonstrates good practices in areas like SQL query sanitization and minimizing direct attack surfaces, the substantial number of unescaped outputs and the past XSS vulnerability history are significant weaknesses. The absence of current unpatched CVEs is positive, but the static analysis data on output escaping suggests a latent risk that requires attention. Users should be aware of the potential for XSS if the plugin's output handling is not comprehensively reviewed and improved.

Key Concerns

Low percentage of properly escaped output
Past medium severity XSS vulnerability

Vulnerabilities

Store Hours for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-8872medium · 6.1Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Store Hours for WooCommerce <= 4.3.20 - Reflected Cross-Site Scripting

Sep 25, 2024 Patched in 4.3.22 (1d)

Code Analysis

Analyzed Mar 16, 2026

Store Hours for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

194

87 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

31% escaped281 total outputs

Attack Surface

Store Hours for WooCommerce Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 41

filterpre_option_zhours_current_statusfunctions.php:268

filtercheck_if_store_hours_is_openedfunctions.php:272

filtercheck_if_holidayfunctions.php:276

filterget_period_schedule_by_dayfunctions.php:280

filterbody_classfunctions.php:286

actionzhours_cache_clear_openfunctions.php:333

actionzhours_cache_clear_closefunctions.php:337

filterwoocommerce_blocks_product_grid_item_htmlfunctions.php:366

actionin_admin_headerincludes\Admin\Layout.php:17

actioninitincludes\Aspect\Input.php:463

actionadmin_menuincludes\Aspect\Page.php:17

actioninitincludes\Aspect\Page.php:30

actionadmin_menuincludes\Aspect\Page.php:37

actionadmin_initincludes\Aspect\Page.php:46

actionadmin_initincludes\Aspect\Page.php:51

actionafter_switch_themeincludes\Aspect\Taxonomy.php:179

actioninitincludes\Aspect\Taxonomy.php:180

actioninitincludes\Aspect\Template.php:19

actionwpincludes\Aspect\Template.php:20

actiontemplate_redirectincludes\Aspect\Template.php:21

filterwp_titleincludes\Aspect\Template.php:60

filterbody_classincludes\Aspect\Template.php:65

filtertemplate_includeincludes\Aspect\Template.php:81

actioninitincludes\Aspect\Type.php:88

actionsave_postincludes\Aspect\Type.php:113

actionadd_meta_boxesincludes\Aspect\Type.php:114

filterwoocommerce_available_payment_gatewaysincludes\Frontend\Shop.php:14

actioninitincludes\setting.php:19

actionadmin_enqueue_scriptsincludes\setting.php:33

actionbefore_woocommerce_initincludes\Setup.php:10

actionplugins_loadedincludes\Setup.php:11

actionafter_setup_themeincludes\Setup.php:12

actionwp_enqueue_scriptsincludes\Setup.php:13

actionadmin_noticesincludes\Setup.php:24

actionwp_footerincludes\Setup.php:43

filterzh_notification_type_statusincludes\Setup.php:46

filterzh_is_allowed_order_placingincludes\Setup.php:47

actionwpincludes\Setup.php:50

actionwp_enqueue_scriptsincludes\Setup.php:55

actionadmin_enqueue_scriptsincludes\Setup.php:60

filterwoocommerce_locate_templateincludes\Template.php:11

Scheduled Events 3

zhours_cache_clear_open

zhours_cache_clear_close

Maintenance & Trust

Store Hours for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 14, 2025

PHP min version5.6

Downloads84K

Community Trust

Rating56/100

Number of ratings30

Active installs2K

Alternatives

Store Hours for WooCommerce Alternatives

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs

Google for WooCommerce

google-listings-and-ads

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE

WooPayments: Integrated WooCommerce Payments

woocommerce-payments

Securely accept credit and debit cards on your WooCommerce store. Manage payments without leaving your WordPress dashboard. Only with WooPayments.

900K 6 CVEs

WooCommerce PayPal Payments

woocommerce-paypal-payments

100

PayPal's latest payment processing solution. Accept PayPal, Pay Later, credit/debit cards, alternative digital wallets and bank accounts.

800K 1 CVE

Click to Chat – HoliThemes

click-to-chat-for-whatsapp

WhatsApp Chat🔥. Let's make your Web page visitors contact you through 'WhatsApp', 'WhatsApp Business'. Add matching Widget✅

700K 3 CVEs

Developer Profile

Store Hours for WooCommerce Developer Profile

bizswoop

7 plugins · 3K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

6 days

View full developer profile

Detection Fingerprints

How We Detect Store Hours for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/order-hours-scheduler-for-woocommerce/assets/css/admin.css/wp-content/plugins/order-hours-scheduler-for-woocommerce/assets/css/main.css/wp-content/plugins/order-hours-scheduler-for-woocommerce/assets/css/bootstrap.css/wp-content/plugins/order-hours-scheduler-for-woocommerce/assets/js/admin.js/wp-content/plugins/order-hours-scheduler-for-woocommerce/assets/js/main.js/wp-content/plugins/order-hours-scheduler-for-woocommerce/assets/js/bootstrap.js/wp-content/plugins/order-hours-scheduler-for-woocommerce/assets/js/datepickr.js/wp-content/plugins/order-hours-scheduler-for-woocommerce/assets/js/jstimezone.min.js

Script Paths

/wp-content/plugins/order-hours-scheduler-for-woocommerce/assets/js/admin.js/wp-content/plugins/order-hours-scheduler-for-woocommerce/assets/js/main.js/wp-content/plugins/order-hours-scheduler-for-woocommerce/assets/js/bootstrap.js/wp-content/plugins/order-hours-scheduler-for-woocommerce/assets/js/datepickr.js/wp-content/plugins/order-hours-scheduler-for-woocommerce/assets/js/jstimezone.min.js

Version Parameters

order-hours-scheduler-for-woocommerce/assets/css/admin.css?ver=order-hours-scheduler-for-woocommerce/assets/css/main.css?ver=order-hours-scheduler-for-woocommerce/assets/css/bootstrap.css?ver=order-hours-scheduler-for-woocommerce/assets/js/admin.js?ver=order-hours-scheduler-for-woocommerce/assets/js/main.js?ver=order-hours-scheduler-for-woocommerce/assets/js/bootstrap.js?ver=order-hours-scheduler-for-woocommerce/assets/js/datepickr.js?ver=order-hours-scheduler-for-woocommerce/assets/js/jstimezone.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

zhours-admin-wrapperzhours-main-wrapperzhours-bootstrap-containerzhours-bootstrap-rowzhours-bootstrap-colzhours-input-wrapperzhours-labelzhours-description+6 more

Data Attributes

data-zhours-pluginzhours-field

JS Globals

ZhourszhoursAdminzhoursMainzhoursBootstrap

REST Endpoints

/wp-json/zhours/v1/settings/wp-json/zhours/v1/schedules

Shortcode Output

[zhours_scheduler_display][zhours_scheduler_form]

FAQ