WP-Safety

Stylish Business Hours Security & Risk Analysis

wordpress.org/plugins/stylish-business-hours

With a sleek design, Stylish Business Hours lets you display your hours in style. Show your opening times however you want and indicate if you're …

50 active installs v1.0.3 PHP 7.0+ WP 5.0+ Updated Aug 16, 2023
business-hoursopening-hoursoperation-of-hoursresponsive-hoursstyish-business-hours
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Stylish Business Hours Safe to Use in 2026?

Generally Safe

Score 85/100

Stylish Business Hours has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "stylish-business-hours" plugin v1.0.3 exhibits a mixed security posture. While it demonstrates good practices in output escaping and avoids external HTTP requests and file operations, several significant concerns are present. The presence of the `unserialize` function, coupled with two AJAX handlers lacking authentication checks, creates a notable attack surface. The taint analysis revealed two flows with unsanitized paths, which, although not classified as critical or high severity, warrant attention. The complete absence of vulnerability history is a positive indicator, suggesting a lack of previously discovered exploitable flaws. However, this does not negate the immediate risks identified in the static and taint analysis. The plugin's strengths lie in its generally good output escaping and lack of historical vulnerabilities, but the identified vulnerabilities in authentication and the use of potentially dangerous functions require careful consideration.

Key Concerns

  • AJAX handlers without authentication checks
  • Use of unserialize function
  • SQL queries without prepared statements
  • Taint flows with unsanitized paths
Vulnerabilities
None known

Stylish Business Hours Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Stylish Business Hours Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
0 prepared
Unescaped Output
2
126 escaped
Nonce Checks
3
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$data_array = json_decode(json_encode(unserialize($a['id'])));shortcode\businesshourFront.php:218

SQL Query Safety

0% prepared1 total queries

Output Escaping

98% escaped128 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
get_option_data (admin\businesshour_ajax.php:22)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Stylish Business Hours Attack Surface

Entry Points6
Unprotected2

AJAX Handlers 5

authwp_ajax_set_business_hour_dataadmin\businesshour_ajax.php:7
noprivwp_ajax_set_business_hour_dataadmin\businesshour_ajax.php:8
authwp_ajax_get_option_dataadmin\businesshour_ajax.php:9
noprivwp_ajax_get_option_dataadmin\businesshour_ajax.php:10
authwp_ajax_showPreviewadmin\businesshour_ajax.php:11

Shortcodes 1

[stylish_business_hour] shortcode\businesshourFront.php:8
WordPress Hooks 6
actionwp_enqueue_scriptsadmin\businessHourfunction.php:11
actionadmin_enqueue_scriptsadmin\businessHourfunction.php:12
actionadmin_menuadmin\businessHourfunction.php:13
actioninitbusinessHours.php:26
actionadmin_footerbusinessHours.php:166
actionwp_enqueue_scriptsshortcode\businesshourFront.php:7
Maintenance & Trust

Stylish Business Hours Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.0
Last updatedAug 16, 2023
PHP min version7.0
Downloads2K

Community Trust

Rating100/100
Number of ratings5
Active installs50
Alternatives

Stylish Business Hours Alternatives

Business Hours Indicator

Business Hours Indicator

business-hours-indicator

A
100

Display opening hours and if you're currently open/closed, with countdown to next opening. Show or hide content only when open/closed & more!

8K 1 CVE
We’re Open!

We’re Open!

opening-hours

A
99

Opening hours for your business, a joy to manage and highly customizable. Conditional excerpts; conditional/replacement text; Structured Data for SEO.

5K 5 CVEs
Bitkit Opening Hours & Holidays

Bitkit Opening Hours & Holidays

bitkit-opening-hours-holidays

A
100

Manage and display business opening hours, holidays and vacation periods with shortcodes, a Gutenberg block, a widget and JSON-LD structured data.

10 No CVEs
Gellum Business Hours for WooCommerce

Gellum Business Hours for WooCommerce

gellum-business-hours

A
100

Manage your WooCommerce store's business hours. Disable checkout and display notices when the store is closed, indicating the next opening time.

10 No CVEs
HelloBox

HelloBox

hellobox

A
85

Responsive, highly visible contact call-to-action. Combining instant-contact buttons, vCard import, location, business hours, messaging and more.

10 No CVEs
Developer Profile

Stylish Business Hours Developer Profile

Design

5 plugins · 5K total installs

71
trust score
Avg Security Score
89/100
Avg Patch Time
359 days
View full developer profile
Detection Fingerprints

How We Detect Stylish Business Hours

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
/wp-content/plugins/stylish-business-hours/js/stylish-business-hours.js
Version Parameters
stylish-business-hours/js/stylish-business-hours.js?ver=

HTML / DOM Fingerprints

CSS Classes
wd-dr-modalwd-dr-modal-wrapwd-dr-modal-headerwd-dr-modal-bodywd-de-reasonswd-dr-modal-reason-inputwd-dr-modal-footerwd-dr-button-secondary+4 more
Data Attributes
data-placeholder
JS Globals
stylish_business_hours_settings
FAQ

Frequently Asked Questions about Stylish Business Hours