WordPress.WP.AlternativeFunctions.rand_rand

rand rand

The plugin uses a random function that may not be appropriate for the task.

medium weight

Why It Shows Up

The scan found functions such as `rand()`, `mt_rand()`, `srand()`, or `mt_srand()`.

Why It Matters

General random functions are not suitable for security-sensitive tokens and manual seeding can reduce randomness.

How to Fix

Use `wp_rand()` for ordinary WordPress randomness.
Use PHP cryptographic randomness for security-sensitive tokens.
Avoid manual random seeding unless there is a narrow, documented reason.

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#1	Themify Builder	9	5,195	2,096	5k+	5 days ago	Text Domain Mismatch
#2	JetBackup – Backup, Restore & Migrate	10	1,559	145	100k+	2 months ago	Exception Not Escaped
#3	wpForo Forum	17	4,033	2,922	20k+	21 days ago	Unsafe Printing Function
#4	Prime Slider Addons for Elementor	18	3,500	230	100k+	6 days ago	Text Domain Mismatch
#5	Podlove Podcast Publisher	18	2,326	1,429	3k+	17 days ago	Output Not Escaped
#6	Shopping Cart & eCommerce Store	18	5,459	17,298	4k+	9 days ago	Non Prefixed Variable Found
#7	WP Import Export Lite	18	738	979	40k+	11 months ago	Non Prefixed Variable Found
#8	WP Directory Kit	18	2,119	2,617	2k+	2 months ago	Non Prefixed Variable Found
#9	Element Pack – Widgets, Templates & Addons for Elementor	19	9,448	517	100k+	5 days ago	Text Domain Mismatch
#10	Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)	19	3,275	3,228	10k+	7 months ago	Output Not Escaped
#11	Matomo Analytics – Powerful, Privacy-First Insights for WordPress	19	1,909	878	100k+	5 days ago	Exception Not Escaped
#12	Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)	19	541	385	3m+	4 days ago	Missing Translators Comment
#13	Membership Plugin – Kadence Memberships	19	5,082	2,982	9k+	26 days ago	Text Domain Mismatch
#14	Brizy – Page Builder	20	589	720	70k+	12 days ago	Output Not Escaped
#15	Filter Everything — WordPress & WooCommerce Filters	20	568	730	50k+	3 days ago	Output Not Escaped
#16	GiveWP – Donation Plugin and Fundraising Platform	20	3,435	3,580	100k+	6 days ago	Output Not Escaped
#17	Link Library	20	1,941	1,397	10k+	2 months ago	Unsafe Printing Function
#18	Nimble Page Builder	20	1,591	1,684	30k+	1 year ago	Missing Arg Domain
#19	Pix por Piggly (para Woocommerce)	20	547	195	4k+	2 years ago	Exception Not Escaped
#20	Robin Image Optimizer – Unlimited Image Optimization, WebP & AVIF	20	557	541	100k+	1 month ago	Output Not Escaped
#21	Razorpay for WooCommerce	20	974	855	100k+	2 days ago	Non Prefixed Function Found
#22	WPJAM Basic	20	328	356	4k+	5 days ago	Output Not Escaped
#23	Backup Migration	21	981	1,093	80k+	16 days ago	Non Prefixed Variable Found
#24	CallTrackingMetrics	21	923	286	3k+	4 months ago	Unsafe Printing Function
#25	Captcha Them All	21	300	323	6k+	3 years ago	Output Not Escaped
#26	CartFlows – Funnel Builder & Checkout Plugin for WooCommerce	21	461	614	200k+	19 days ago	Text Domain Mismatch
#27	Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More	21	2,572	1,277	1m+	1 month ago	Output Not Escaped
#28	ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support	21	829	5,966	5k+	3 days ago	Direct Query
#29	EventPrime – Events Calendar, Bookings and Tickets	21	872	4,297	7k+	yesterday	Non Prefixed Variable Found
#30	Feeds for YouTube (YouTube video, channel, and gallery plugin)	21	558	978	100k+	11 days ago	Output Not Escaped
#31	JCH Optimize	21	953	133	4k+	5 months ago	Output Not Escaped
#32	MotoPress Hotel Booking	21	3,061	1,037	10k+	6 days ago	Text Domain Mismatch
#33	Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages	21	1,173	2,983	9k+	19 days ago	Non Prefixed Variable Found
#34	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	21	696	1,483	50k+	11 days ago	Recommended
#35	Five Star Restaurant Reservations – WordPress Booking Plugin	21	1,099	1,147	10k+	2 days ago	Output Not Escaped
#36	Royal Addons for Elementor – Addons and Templates Kit for Elementor	21	13,011	2,530	600k+	13 days ago	Text Domain Mismatch
#37	Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic	21	327	181	10k+	2 years ago	Output Not Escaped
#38	Smart Forms – when you need more than just a contact form	21	776	574	5k+	1 month ago	Output Not Escaped
#39	ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin	21	190	660	30k+	25 days ago	Non Prefixed Variable Found
#40	Revive Social – Social Media Auto Post and Scheduling Automation Plugin	21	255	425	20k+	1 month ago	Non Prefixed Hookname Found
#41	WCFM – Frontend Manager for WooCommerce	21	4,721	5,067	20k+	2 months ago	Non Prefixed Variable Found
#42	WebP Express	21	160	427	300k+	2 days ago	Non Prefixed Variable Found
#43	Wise Chat	21	470	506	5k+	3 months ago	Output Not Escaped
#44	Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools	21	786	3,395	30k+	4 days ago	Non Prefixed Variable Found
#45	Wordfence Security – Firewall, Malware Scan, and Login Security	21	1,592	2,973	5m+	1 month ago	Output Not Escaped
#46	WP phpMyAdmin	21	4,528	6,435	50k+	8 months ago	Missing Arg Domain
#47	Premium Packages – Sell Digital Products Securely	21	2,765	2,444	3k+	6 months ago	Output Not Escaped
#48	WPScan – WordPress Security Scanner	21	527	265	8k+	5 months ago	Text Domain Mismatch
#49	Frontend Admin by DynamiApps	22	5,922	3,208	10k+	4 days ago	Text Domain Mismatch
#50	Booking for Appointments and Events Calendar – Amelia	22	1,489	480	90k+	3 days ago	Exception Not Escaped