Does Open Close Store for WooCommerce – Business Hours Schedules Manager have any unpatched vulnerabilities?

Yes — Open Close Store for WooCommerce – Business Hours Schedules Manager currently has 2 unpatched vulnerabilities. We recommend switching to an alternative or applying any available workarounds.

Is Open Close Store for WooCommerce – Business Hours Schedules Manager compatible with WordPress 6.9.4?

According to WordPress.org data, Open Close Store for WooCommerce – Business Hours Schedules Manager 4.9.9 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Open Close Store for WooCommerce – Business Hours Schedules Manager Security & Risk Analysis

wordpress.org/plugins/woc-open-close

Easily set business hours and automatically open or close your WooCommerce shop or store based on customizable schedules and shifts.

700 active installs v4.9.9 PHP 7.4+ WP 5.0+ Updated Jan 3, 2026

open-closeopening-hoursschedules-managerstore-hours-for-woocommerce

D · High Risk

CVEs total4

Unpatched2

Last CVEOct 8, 2025

Plugin page Download

Safety Verdict

Is Open Close Store for WooCommerce – Business Hours Schedules Manager Safe to Use in 2026?

High Risk

Score 49/100

Open Close Store for WooCommerce – Business Hours Schedules Manager carries significant security risk with 4 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

4 known CVEs 2 unpatched Last CVE: Oct 8, 2025Updated 3mo ago

Risk Assessment

The "woc-open-close" plugin version 4.9.9 presents a moderate to high security risk. While it demonstrates some good security practices, such as using prepared statements for all SQL queries and a high percentage of properly escaped output, several concerning factors remain. The presence of three unprotected AJAX handlers significantly increases the attack surface, allowing potential unauthenticated actions. Additionally, the use of the `unserialize()` function without proper input validation is a critical vulnerability that can lead to remote code execution if exploited. The plugin's vulnerability history is also a major concern, with four previously disclosed CVEs, two of which remain unpatched. The common types of vulnerabilities found (Remote File Inclusion, Missing Authorization, Cross-site Scripting) directly correlate with some of the identified weaknesses in the code analysis, particularly the unprotected AJAX handlers and potentially the `unserialize()` function if input is not carefully controlled. The late date of the last vulnerability (2025-10-08) suggests a recent discovery of issues, but the fact that two are unpatched is a significant red flag.

Key Concerns

3 unprotected AJAX handlers
Use of unserialize() without sufficient checks
2 unpatched CVEs
1 High severity CVE
3 Medium severity CVEs
Bundled outdated Freemius v1.0
73% output properly escaped (indicates potential for XSS)

Vulnerabilities

Open Close Store for WooCommerce – Business Hours Schedules Manager Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

1 CVE in 2024

2024

2 CVEs in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

High

Medium

4 total CVEs

CVE-2025-62935medium · 4.3Missing Authorization

Open Close WooCommerce Store <= 4.9.8 - Missing Authorization

Oct 8, 2025Unpatched

CVE-2025-47649high · 8.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Open Close WooCommerce Store <= 4.9.5 - Authenticated (Contributor+) Local File Inclusion

May 7, 2025Unpatched

CVE-2024-32522medium · 4.3Missing Authorization

Open Close WooCommerce Store <= 4.9.1 - Missing Authorization

Apr 15, 2024 Patched in 4.9.2 (9d)

WF-3e471ef4-94c1-47d9-98ae-f79f7662e21a-woc-open-closemedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Woocommerce Open Close – Best Business Schedules Manager <= 4.3.0 - Reflected Cross-Site Scripting

Apr 17, 2022 Patched in 4.3.1 (646d)

Code Analysis

Analyzed Mar 16, 2026

Open Close Store for WooCommerce – Business Hours Schedules Manager Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

261

708 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$posted_data = unserialize( $posted_data );includes\classes\class-post-meta.php:287

Bundled Libraries

jQueryFreemius1.0

SQL Query Safety

100% prepared2 total queries

Output Escaping

73% escaped969 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

12 flows3 with unsanitized paths

wooopenclose_pro_make_active (includes\classes\class-hooks-pro.php:334)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

Open Close Store for WooCommerce – Business Hours Schedules Manager Attack Surface

Entry Points13

Unprotected3

AJAX Handlers 11

authwp_ajax_wooopenclose_pro_trash_scheduleincludes\classes\class-hooks-pro.php:38

authwp_ajax_wooopenclose_pro_create_scheduleincludes\classes\class-hooks-pro.php:39

authwp_ajax_wooopenclose_pro_make_activeincludes\classes\class-hooks-pro.php:40

authwp_ajax_woc_add_scheduleincludes\classes\class-hooks.php:36

authwp_ajax_woc_switch_activeincludes\classes\class-hooks.php:37

authwp_ajax_woc_update_timezoneincludes\classes\class-hooks.php:38

authwp_ajax_wpdk_settings-get-iconsincludes\wp-dev-kit\settings\functions\actions.php:53

authwp_ajax_wpdk_settings-exportincludes\wp-dev-kit\settings\functions\actions.php:91

authwp_ajax_wpdk_settings-importincludes\wp-dev-kit\settings\functions\actions.php:128

authwp_ajax_wpdk_settings-resetincludes\wp-dev-kit\settings\functions\actions.php:156

authwp_ajax_wpdk_settings-chosenincludes\wp-dev-kit\settings\functions\actions.php:196

Shortcodes 2

[woc-manage-schedules] includes\classes\class-hooks-pro.php:36

[wooopenclose-manage-schedules] includes\classes\class-hooks-pro.php:37

WordPress Hooks 86

filtermanage_woc_hour_posts_columnsincludes\classes\class-columns.php:18

actionmanage_woc_hour_posts_custom_columnincludes\classes\class-columns.php:19

filterpost_row_actionsincludes\classes\class-columns.php:20

filtermonths_dropdown_resultsincludes\classes\class-columns.php:21

filterwoc_filters_is_proincludes\classes\class-hooks-pro.php:17

filterplugin_row_metaincludes\classes\class-hooks-pro.php:18

filterwp_headincludes\classes\class-hooks-pro.php:24

filterwoocommerce_loop_add_to_cart_linkincludes\classes\class-hooks-pro.php:30

actionwooopenclose_pro_update_scheduleincludes\classes\class-hooks-pro.php:41

actionplugins_loadedincludes\classes\class-hooks-pro.php:48

filterWOOOPENCLOSE/Filters/is_openincludes\classes\class-hooks-pro.php:49

filterwoc_filters_shop_close_messageincludes\classes\class-hooks-pro.php:50

filterwoocommerce_product_add_to_cart_textincludes\classes\class-hooks-pro.php:57

filterwoocommerce_product_single_add_to_cart_textincludes\classes\class-hooks-pro.php:58

actionwoocommerce_before_cartincludes\classes\class-hooks-pro.php:59

actionwoocommerce_before_thankyouincludes\classes\class-hooks-pro.php:60

filterwoocommerce_before_order_itemmetaincludes\classes\class-hooks-pro.php:61

filterwoocommerce_add_to_cart_validationincludes\classes\class-hooks-pro.php:68

filterwoc_filters_get_active_schedule_idincludes\classes\class-hooks-pro.php:213

filterdokan_get_dashboard_settings_navincludes\classes\class-hooks-pro.php:214

filterdokan_get_template_partincludes\classes\class-hooks-pro.php:215

actiondokan_render_settings_contentincludes\classes\class-hooks-pro.php:221

actiondokan_seller_listing_after_featuredincludes\classes\class-hooks-pro.php:227

filterwc_stripe_hide_payment_request_on_product_pageincludes\classes\class-hooks-pro.php:446

actioninitincludes\classes\class-hooks.php:22

actionwp_footerincludes\classes\class-hooks.php:23

actioninitincludes\classes\class-hooks.php:26

actionwp_footerincludes\classes\class-hooks.php:27

actionadmin_noticesincludes\classes\class-hooks.php:28

actionadmin_bar_menuincludes\classes\class-hooks.php:29

filterwidget_textincludes\classes\class-hooks.php:31

filterplugin_row_metaincludes\classes\class-hooks.php:32

filterpost_updated_messagesincludes\classes\class-hooks.php:34

actionStackWC/Settings/Option/before_woc_instant_forceincludes\classes\class-hooks.php:39

actionin_admin_headerincludes\classes\class-hooks.php:40

filterwc_stripe_show_payment_request_on_cartincludes\classes\class-hooks.php:49

filterwoocommerce_order_button_htmlincludes\classes\class-hooks.php:55

actionpost_submitbox_misc_actionsincludes\classes\class-post-meta.php:38

actionsave_postincludes\classes\class-schedule.php:25

actionadmin_initincludes\wp-dev-kit\classes\class-client.php:60

actionwp_enqueue_scriptsincludes\wp-dev-kit\settings\classes\abstract.class.php:21

actionadmin_menuincludes\wp-dev-kit\settings\classes\admin-options.class.php:107

actionadmin_bar_menuincludes\wp-dev-kit\settings\classes\admin-options.class.php:108

actionnetwork_admin_menuincludes\wp-dev-kit\settings\classes\admin-options.class.php:112

filteradmin_footer_textincludes\wp-dev-kit\settings\classes\admin-options.class.php:489

actionadd_meta_boxes_commentincludes\wp-dev-kit\settings\classes\comment-options.class.php:40

actionedit_commentincludes\wp-dev-kit\settings\classes\comment-options.class.php:41

actioncustomize_registerincludes\wp-dev-kit\settings\classes\customize-options.class.php:43

actioncustomize_save_afterincludes\wp-dev-kit\settings\classes\customize-options.class.php:44

actionwp_enqueue_scriptsincludes\wp-dev-kit\settings\classes\customize-options.class.php:48

actionadd_meta_boxesincludes\wp-dev-kit\settings\classes\metabox-options.class.php:54

actionsave_postincludes\wp-dev-kit\settings\classes\metabox-options.class.php:55

actionedit_attachmentincludes\wp-dev-kit\settings\classes\metabox-options.class.php:56

actionwp_nav_menu_item_custom_fieldsincludes\wp-dev-kit\settings\classes\nav-menu-options.class.php:32

actionwp_update_nav_menu_itemincludes\wp-dev-kit\settings\classes\nav-menu-options.class.php:33

filterwp_edit_nav_menu_walkerincludes\wp-dev-kit\settings\classes\nav-menu-options.class.php:35

actionadmin_initincludes\wp-dev-kit\settings\classes\profile-options.class.php:32

actionshow_user_profileincludes\wp-dev-kit\settings\classes\profile-options.class.php:44

actionedit_user_profileincludes\wp-dev-kit\settings\classes\profile-options.class.php:45

actionpersonal_options_updateincludes\wp-dev-kit\settings\classes\profile-options.class.php:47

actionedit_user_profile_updateincludes\wp-dev-kit\settings\classes\profile-options.class.php:48

actionafter_setup_themeincludes\wp-dev-kit\settings\classes\setup.class.php:74

actioninitincludes\wp-dev-kit\settings\classes\setup.class.php:75

actionswitch_themeincludes\wp-dev-kit\settings\classes\setup.class.php:76

actionadmin_enqueue_scriptsincludes\wp-dev-kit\settings\classes\setup.class.php:77

actionwp_enqueue_scriptsincludes\wp-dev-kit\settings\classes\setup.class.php:78

actionwp_headincludes\wp-dev-kit\settings\classes\setup.class.php:79

filteradmin_body_classincludes\wp-dev-kit\settings\classes\setup.class.php:80

actionadmin_footerincludes\wp-dev-kit\settings\classes\shortcode-options.class.php:49

actioncustomize_controls_print_footer_scriptsincludes\wp-dev-kit\settings\classes\shortcode-options.class.php:50

actionelementor/editor/before_enqueue_scriptsincludes\wp-dev-kit\settings\classes\shortcode-options.class.php:61

actionelementor/editor/footerincludes\wp-dev-kit\settings\classes\shortcode-options.class.php:62

actionelementor/editor/footerincludes\wp-dev-kit\settings\classes\shortcode-options.class.php:63

actionenqueue_block_editor_assetsincludes\wp-dev-kit\settings\classes\shortcode-options.class.php:311

actionmedia_buttonsincludes\wp-dev-kit\settings\classes\shortcode-options.class.php:315

actionadmin_initincludes\wp-dev-kit\settings\classes\taxonomy-options.class.php:43

actionadmin_footerincludes\wp-dev-kit\settings\fields\icon\icon.php:41

actioncustomize_controls_print_footer_scriptsincludes\wp-dev-kit\settings\fields\icon\icon.php:42

actionadmin_print_footer_scriptsincludes\wp-dev-kit\settings\fields\link\link.php:65

actionprint_default_editor_scriptsincludes\wp-dev-kit\settings\fields\wp_editor\wp_editor.php:64

actionbefore_woocommerce_initwoc-open-close.php:50

actionafter_uninstallwoc-open-close.php:54

actionadmin_enqueue_scriptswoc-open-close.php:87

actionwp_enqueue_scriptswoc-open-close.php:88

actionwidgets_initwoc-open-close.php:90

actioninitwoc-open-close.php:91

Maintenance & Trust

Open Close Store for WooCommerce – Business Hours Schedules Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 3, 2026

PHP min version7.4

Downloads76K

Community Trust

Rating68/100

Number of ratings41

Active installs700

Alternatives

Open Close Store for WooCommerce – Business Hours Schedules Manager Alternatives

StatusDot

statusdot

100

Real-time opening hours with a clean status dot, optional text, and countdown timers.

0 No CVEs

Business Hours Indicator

business-hours-indicator

100

Display opening hours and if you're currently open/closed, with countdown to next opening. Show or hide content only when open/closed & more!

8K 1 CVE

We’re Open!

opening-hours

Opening hours for your business, a joy to manage and highly customizable. Conditional excerpts; conditional/replacement text; Structured Data for SEO.

5K 5 CVEs

Store Hours for WooCommerce

order-hours-scheduler-for-woocommerce

Create Custom Open & Close Store Schedules for Automatically Enabling & Disabling Customer Checkout Functionality for WooCommerce.

2K 1 CVE

Popping Content Light

popping-content-light

Custom popping layouts. Insert ready to use shortcodes in just a few clicks.

100 1 unpatched

Developer Profile

Open Close Store for WooCommerce – Business Hours Schedules Manager Developer Profile

StackWC

4 plugins · 2K total installs

trust score

Avg Security Score

83/100

Avg Patch Time

338 days

View full developer profile

Detection Fingerprints

How We Detect Open Close Store for WooCommerce – Business Hours Schedules Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/woc-open-close/assets/jquery-timepicker.js/wp-content/plugins/woc-open-close/assets/chosen.jquery.min.js/wp-content/plugins/woc-open-close/assets/admin/js/scripts.js/wp-content/plugins/woc-open-close/assets/front/js/scripts.js/wp-content/plugins/woc-open-close/assets/front/css/style.css

Script Paths

Version Parameters

woc-open-close/assets/jquery-timepicker.js?ver=woc-open-close/assets/chosen.jquery.min.js?ver=woc-open-close/assets/admin/js/scripts.js?ver=woc-open-close/assets/front/js/scripts.js?ver=woc-open-close/assets/front/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes

woc-container-fluidwoc-open-close-main-wrapwoc-daily-schedule-wrapwoc-add-schedule-btnwoc-schedule-itemwoc-status-activewoc-status-inactivewoc-schedule-edit-btn+2 more

HTML Comments

+3 more

Data Attributes

data-woc-iddata-woc-actiondata-woc-schedule-id

JS Globals

wooopenclose

FAQ

Open Close Store for WooCommerce – Business Hours Schedules Manager Security & Risk Analysis

Is Open Close Store for WooCommerce – Business Hours Schedules Manager Safe to Use in 2026?

High Risk

Key Concerns

Open Close Store for WooCommerce – Business Hours Schedules Manager Security Vulnerabilities

CVEs by Year

Severity Breakdown

Open Close Store for WooCommerce – Business Hours Schedules Manager Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Open Close Store for WooCommerce – Business Hours Schedules Manager Attack Surface

AJAX Handlers 11

Shortcodes 2

Open Close Store for WooCommerce – Business Hours Schedules Manager Maintenance & Trust

Maintenance Signals

Community Trust

Open Close Store for WooCommerce – Business Hours Schedules Manager Alternatives

StatusDot

Business Hours Indicator

We’re Open!

Store Hours for WooCommerce

Popping Content Light

Open Close Store for WooCommerce – Business Hours Schedules Manager Developer Profile

How We Detect Open Close Store for WooCommerce – Business Hours Schedules Manager

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Open Close Store for WooCommerce – Business Hours Schedules Manager