WordPress.WP.AlternativeFunctions.rand_mt_rand

rand mt rand

The plugin uses a random function that may not be appropriate for the task.

medium weight

Why It Shows Up

The scan found functions such as `rand()`, `mt_rand()`, `srand()`, or `mt_srand()`.

Why It Matters

General-purpose random functions are not suitable for security-sensitive tokens, and manual seeding can reduce randomness.

How to Fix

  • Use `wp_rand()` for ordinary WordPress randomness.
  • Use PHP cryptographic randomness for security-sensitive tokens.
  • Avoid manual random seeding unless there is a narrow, documented reason.
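
The fixes above side by side, as an added PHP example that is not code from the original page or from any listed plugin. The `myplugin_*` function names are hypothetical; `wp_rand()` requires WordPress to be loaded.

```php
<?php
// Added example; all myplugin_* names are hypothetical.

// Flagged pattern: mt_rand() is a Mersenne Twister, not a CSPRNG, and
// seeding it with time() makes the output reproducible by anyone who
// can estimate when the token was issued.
function myplugin_reset_token_flagged() {
    mt_srand( time() );
    return md5( (string) mt_rand() );
}

// Security-sensitive token: 32 bytes from the OS CSPRNG, hex-encoded
// (64 characters). random_bytes() throws if no entropy source exists,
// so a failure cannot silently produce a weak token.
function myplugin_reset_token() {
    return bin2hex( random_bytes( 32 ) );
}

// Security-sensitive number (for example a one-time code):
// random_int() is CSPRNG-backed and uniform over the range.
function myplugin_one_time_code( $digits = 6 ) {
    $code = '';
    for ( $i = 0; $i < $digits; $i++ ) {
        $code .= (string) random_int( 0, 9 );
    }
    return $code;
}

// Ordinary, non-secret randomness (for example rotating a banner):
// wp_rand() is the WordPress replacement the scan asks for.
function myplugin_pick_banner( array $banners ) {
    $banners = array_values( $banners );
    if ( empty( $banners ) ) {
        return null;
    }
    return $banners[ wp_rand( 0, count( $banners ) - 1 ) ];
}

// Compare a stored token with user input in constant time.
function myplugin_token_matches( $stored, $supplied ) {
    return is_string( $supplied ) && hash_equals( $stored, $supplied );
}
```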

Affected Plugins

Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue
#101Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent222255198k+error log error log
#102Customize Feeds for Twitter22921714k+Non-prefixed global variable
#103Search & Replace Everything – Quick and Easy Way to Find and Replace Text, Links221,0441,79720k+Non-prefixed global variable
#104UpStream: a Project Management Plugin for WordPress22683703600Non-prefixed global variable
#105URL Shortify – Simple and Easy URL Shortener221,5202,68910k+Non-prefixed global variable
#106Welcart e-Commerce2210,37810,93110k+Text Domain Mismatch
#107WCFM Marketplace – Multivendor Marketplace for WooCommerce221,9341,96610k+Non-prefixed global variable
#108WCFM Membership – WooCommerce Memberships for Multivendor Marketplace2255967510k+Non-prefixed global variable
#109CoDesigner – All in One Elementor WooCommerce Builder224,1317745k+Text Domain Mismatch
#110Simple Shopping Cart2279653610k+Unsafe printing function
#111ManageWP Worker225075651m+Non-prefixed class
#112WP Express Checkout (Fast Payments via PayPal & Stripe)225916271k+Output is not escaped
#113File Manager227405201m+Unsafe printing function
#114WP Umbrella: Update Backup Restore & Monitoring2291891670k+Exception output is not escaped
#115AidWP – Donation & Payment Forms (Stripe Powered)221,3171,675800Non-prefixed global variable
#116YaySMTP – WP Mail SMTP with Email Logs, Tracking & Reports2265443510k+Exception output is not escaped
#117Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce231,1851,0271k+Text Domain Mismatch
#118AI Engine – The Chatbot, AI Framework & MCP for WordPress23412539100k+error log error log
#119Affiliate Super Assistent231,2802672k+Text Domain Mismatch
#120Kadence Security – Password, Two Factor Authentication, and Brute Force Protection231,053967700k+Missing Translators Comment
#121Geo Controller23914501k+Non-prefixed global variable
#122Content Egg – Affiliate Product Importer & Price Comparison231,2311,25710k+Non-prefixed global variable
#123Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor)23306587100k+Dynamic hook name
#124Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification236756431k+Unsafe printing function
#125Easy Digital Downloads – eCommerce Payments and Subscriptions made easy233,72310,28340k+Non-prefixed namespace
#126Ezoic2343251610k+Output is not escaped
#127Flexmls® IDX Plugin231,2689571k+Output is not escaped
#128Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder234,7461,27930k+Non Singular String Literal Domain
#129GAinWP Google Analytics Integration for WordPress235251768k+Output is not escaped
#130RealHomes Memberships235162641k+Non Singular String Literal Domain
#131IP Geo Block233995899k+Output is not escaped
#132Joli FAQ SEO – WordPress FAQ Plugin231,0831,526700Non-prefixed global variable
#133Justified Gallery235891,4178k+Non-prefixed global variable
#134License Manager for WooCommerce231298196k+Request data is not unslashed
#135Like Button Rating ♥ LikeBtn231,2316174k+Unsafe printing function
#136Locatoraid Store Locator233186451k+Non-prefixed global variable
#137MailPoet – Newsletters, Email Marketing, and Automation23931719500k+Exception output is not escaped
#138MasterStudy LMS WordPress Plugin – for Online Courses and Education231,4194,87510k+Non-prefixed global variable
#139Media Library Assistant231,1443,94370k+Nonce verification recommended
#140Order Bump for WooCommerce231,7201,562600Output is not escaped
#141MotoPress Appointment Booking232,3628572k+Text Domain Mismatch
#142Restaurant Menu and Food Ordering233858532k+Non-prefixed global variable
#143MStore API – Create Native Android & iOS Apps On The Cloud236187643k+SQL query is not prepared
#144MultiParcels Shipping For WooCommerce231793564k+Request data is not unslashed
#145MyWorks Sync for WooCommerce & QuickBooks Online232,2929,1015k+Non-prefixed global variable
#146Next Active Directory Integration236832842k+Exception output is not escaped
#147NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization23316639100k+Output is not escaped
#148Patchstack – WordPress & Plugins Security2310748940k+Missing nonce verification
#149Photo Gallery by 10Web – Mobile-Friendly Image Gallery234,1591,553100k+Output is not escaped
#150AI Popup231,224636400Text Domain Mismatch