WP-Safety

Business Places Security & Risk Analysis

wordpress.org/plugins/taro-open-hour

A WordPress plugin for business place and open hour.

10 active installs v2.2.1 PHP 5.6+ WP 4.9.0+ Updated Unknown
businessopen-hourplacewidget
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Business Places Safe to Use in 2026?

Generally Safe

Score 100/100

Business Places has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "taro-open-hour" plugin v2.2.1 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any known CVEs and a clean vulnerability history is a significant positive indicator, suggesting a well-maintained and secure codebase.

The static analysis reveals a limited attack surface, with no unprotected AJAX handlers or REST API routes. The plugin also demonstrates good security practices by utilizing prepared statements for all SQL queries and performing nonce and capability checks. The high percentage of properly escaped output is also commendable, reducing the risk of cross-site scripting (XSS) vulnerabilities.

While the plugin shows many strengths, there is a minor concern regarding the output escaping, with 17% of outputs not being properly escaped. Although no critical or high severity taint flows were identified, this remaining unescaped output presents a potential low-level risk that could be exploited in specific scenarios. The inclusion of Select2 as a bundled library, while common, also warrants a minor deduction as older versions of bundled libraries can sometimes harbor vulnerabilities. Overall, the plugin is assessed as secure with minor areas for potential improvement.

Key Concerns

  • Unescaped output detected
  • Bundled library may be outdated
Vulnerabilities
None known

Business Places Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Business Places Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
14 prepared
Unescaped Output
18
86 escaped
Nonce Checks
3
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared14 total queries

Output Escaping

83% escaped104 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
save_option (app\Tarosky\OpenHour\Admin.php:63)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Business Places Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[open-hour] includes\shortcodes.php:6
[business-place] includes\shortcodes.php:26
WordPress Hooks 14
actioninitapp\Tarosky\OpenHour\Admin.php:16
actionadmin_enqueue_scriptsapp\Tarosky\OpenHour\Admin.php:24
actionadmin_menuapp\Tarosky\OpenHour\Admin.php:31
actionadmin_initapp\Tarosky\OpenHour\Admin.php:37
actionadmin_noticesapp\Tarosky\OpenHour\Admin.php:40
actionwidgets_initapp\Tarosky\OpenHour\Bootstrap.php:37
actionwp_enqueue_scriptsapp\Tarosky\OpenHour\Bootstrap.php:39
actionadd_meta_boxesapp\Tarosky\OpenHour\Pattern\AbstractMetaBox.php:23
actionsave_postapp\Tarosky\OpenHour\Pattern\AbstractMetaBox.php:24
actionrest_api_initapp\Tarosky\OpenHour\Pattern\AbstractRest.php:33
actioninitapp\Tarosky\OpenHour\Places.php:22
actionwp_headapp\Tarosky\OpenHour\Services\MetaInfo.php:19
actionplugins_loadedtaro-open-hour.php:16
actionadmin_noticestaro-open-hour.php:29
Maintenance & Trust

Business Places Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedUnknown
PHP min version5.6
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Business Places Alternatives

Widgets for Google Reviews

Widgets for Google Reviews

wp-reviews-plugin-for-google

A
93

Embed Google reviews fast and easily into your WordPress site. Increase SEO, trust and sales using Google reviews.

900K 4 CVEs
Free Google Reviews widget by OpenWidget

Free Google Reviews widget by OpenWidget

free-google-reviews-widget-by-openwidget

A
92

⭐️ Embed Google reviews into your WordPress site. Improve trust, sales & SEO of your Wordpress site with Google reviews.

100 No CVEs
Meks ThemeForest Smart Widget

Meks ThemeForest Smart Widget

meks-themeforest-smart-widget

A
91

Easily display ThemeForest items inside WordPress widget.

10K 1 CVE
Post to Google My Business (Google Business Profile)

Post to Google My Business (Google Business Profile)

post-to-google-my-business

A
100

Auto-publish posts, pages & CPTs, plus manage Google Business Profile posts. All from your WordPress dashboard!

10K 1 CVE
We’re Open!

We’re Open!

opening-hours

A
99

Opening hours for your business, a joy to manage and highly customizable. Conditional excerpts; conditional/replacement text; Structured Data for SEO.

5K 5 CVEs
Developer Profile

Business Places Developer Profile

TAROSKY INC.

12 plugins · 680 total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Business Places

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/taro-open-hour/assets/css/admin.css/wp-content/plugins/taro-open-hour/assets/js/admin.js/wp-content/plugins/taro-open-hour/assets/css/select2.min.css/wp-content/plugins/taro-open-hour/assets/js/select2.min.js
Script Paths
/wp-content/plugins/taro-open-hour/assets/js/admin.js/wp-content/plugins/taro-open-hour/assets/js/select2.min.js
Version Parameters
taro-open-hour/assets/css/admin.css?ver=taro-open-hour/assets/js/admin.js?ver=taro-open-hour/assets/css/select2.min.css?ver=taro-open-hour/assets/js/select2.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
tsoh-setting
Data Attributes
data-tsoh-setting
JS Globals
tsohTaroskyOpenHour
REST Endpoints
/wp-json/taro-open-hour/v1/places
Shortcode Output
[tsoh_places][tsoh_places_map]
FAQ

Frequently Asked Questions about Business Places