WordPress.WP.AlternativeFunctions.rand_rand
rand rand
The plugin calls one of PHP's general-purpose random number functions where WordPress or PHP provides a function better suited to the task.
Why It Shows Up
The scan found a call to one of PHP's general-purpose random number functions: `rand()`, `mt_rand()`, `srand()`, or `mt_srand()`. All four drive the same Mersenne Twister generator (since PHP 7.1, `rand()` is an alias of `mt_rand()`), and the two `s*` variants seed it manually.
Why It Matters
Mersenne Twister output is statistically uniform but not unpredictable: it was never designed as a cryptographic generator, and its internal state can be reconstructed from observed outputs. A token built from `rand()` or `mt_rand()` (a password-reset link, API key, unsubscribe link, or CSRF/nonce-style value) can therefore be guessed rather than brute-forced. Manual seeding makes this worse: seeding with `time()` or another low-entropy value shrinks the search to a few thousand candidate seeds, and a fixed seed makes every "random" sequence identical across requests and installs.
How to Fix
- Use `wp_rand()` for ordinary WordPress randomness (shuffling, sampling, jitter). Since WordPress 4.4 it draws from `random_int()` when PHP provides it and only falls back to its own hash-based generator when the CSPRNG is unavailable.
- Use PHP's CSPRNG for security-sensitive tokens: `random_bytes()` or `random_int()` (PHP 7+), or WordPress's `wp_generate_password()`, which itself draws from `wp_rand()`. Both `random_*` functions throw instead of silently degrading when no secure source exists; let that exception surface rather than catching it and falling back to `mt_rand()`.
- Avoid `srand()` and `mt_srand()`: a CSPRNG needs no seeding, and any seed you choose is at best as secret as its source. Keep manual seeding only for reproducible, non-security output (test fixtures, deterministic demos) and document that reason next to the call.
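The flagged pattern beside its replacement, as an added example that is not taken from any plugin in the table below or from WordPress core. The `myplugin_` function names, the one-hour recovery window, and the `function_exists( 'wp_rand' )` shim are assumptions made so the file runs both inside a WordPress request and stand-alone with `php` on the command line.

```php
<?php
/**
 * Added example, not code from any scanned plugin or from WordPress core.
 * Function names prefixed "myplugin_" are hypothetical.
 */

// BEFORE (what the sniff flags): a reset token from the Mersenne Twister,
// seeded from the clock. The output is fully determined by $seed.
function myplugin_weak_token_from_seed( int $seed, int $length = 32 ): string {
    mt_srand( $seed );                        // flagged: manual seeding
    $token = '';
    for ( $i = 0; $i < $length; $i++ ) {
        $token .= dechex( mt_rand( 0, 15 ) ); // flagged: general-purpose RNG
    }
    return $token;
}

function myplugin_weak_reset_token(): string {
    return myplugin_weak_token_from_seed( time() );
}

// Why it matters: anyone who knows roughly when the token was issued can
// replay the seed search and regenerate it without ever seeing the link.
// Returns the recovered seed, or null if none in the window matches.
function myplugin_recover_weak_token( string $target, int $now, int $window = 3600 ): ?int {
    for ( $seed = $now - $window; $seed <= $now; $seed++ ) {
        if ( hash_equals( $target, myplugin_weak_token_from_seed( $seed ) ) ) {
            return $seed;
        }
    }
    return null;
}

// AFTER: a security-sensitive token from PHP's CSPRNG (PHP 7+). random_bytes()
// throws instead of silently degrading when no secure source is available.
function myplugin_reset_token( int $bytes = 32 ): string {
    return bin2hex( random_bytes( $bytes ) );
}

// AFTER: ordinary, non-secret randomness (e.g. which testimonial to show).
// wp_rand() exists only inside WordPress; random_int() is the stand-alone
// equivalent, so this shim (an assumption of the example) works in both.
function myplugin_pick_index( array $items ): int {
    $max = count( $items ) - 1;
    return function_exists( 'wp_rand' ) ? wp_rand( 0, $max ) : random_int( 0, $max );
}

// Constant-time comparison so a timing side channel cannot narrow a guess.
function myplugin_token_matches( string $stored, string $submitted ): bool {
    return hash_equals( $stored, $submitted );
}

// Stand-alone demonstration: `php this-file.php`
$issued_at = time();
$weak      = myplugin_weak_token_from_seed( $issued_at );
$found     = myplugin_recover_weak_token( $weak, time() );
printf( "weak token %s recovered from seed %s\n", $weak, var_export( $found, true ) );
printf( "strong token %s (16 bytes of entropy)\n", myplugin_reset_token( 16 ) );
printf( "random index: %d\n", myplugin_pick_index( [ 'a', 'b', 'c', 'd' ] ) );
```

Running the file prints the weak token together with the exact timestamp it was seeded from, which is the whole attack: a token whose only secret is the clock is recoverable with a loop of a few thousand iterations. The `random_bytes()` version has no seed to recover, and comparing the stored value with `hash_equals()` closes the remaining timing channel.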
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue |
|---|---|---|---|---|---|---|
| #501 | Contact List – Online Staff Directory & Address Book | 33 | 118 | 342 | 1k+ | Nonce verification recommended |
| #502 | Login & Register Customizer – Popup \| Slider \| Inline \| WooCommerce | 33 | 265 | 230 | 40k+ | Output is not escaped |
| #503 | EchBay Phonering Alo | 33 | 74 | 47 | 1k+ | Output is not escaped |
| #504 | Flipbox – Awesomes Flip Boxes Image Overlay | 33 | 400 | 7,279 | 10k+ | Input is not validated |
| #505 | WPZOOM Social Feed Widget & Block | 33 | 310 | 278 | 60k+ | Unsafe printing function |
| #506 | Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid | 33 | 274 | 106 | 3k+ | Text Domain Mismatch |
| #507 | Save as PDF Plugin by PDFCrowd | 33 | 299 | 254 | 1k+ | Non-prefixed global variable |
| #508 | WP Twitter Auto Publish | 33 | 442 | 171 | 4k+ | Output is not escaped |
| #509 | Rich Showcase for Google Reviews | 33 | 230 | 227 | 100k+ | Output is not escaped |
| #510 | Product Addons for Woocommerce – Product Options with Custom Fields | 33 | 124 | 114 | 30k+ | Output is not escaped |
| #511 | Hyyan WooCommerce Polylang Integration | 33 | 141 | 220 | 9k+ | Nonce verification recommended |
| #512 | XML Sitemaps | 33 | 65 | 62 | 2k+ | Output is not escaped |
| #513 | All In One Favicon | 34 | 214 | 62 | 60k+ | Output is not escaped |
| #514 | Reviews Widgets for Google, Yelp & TripAdvisor | 34 | 274 | 212 | 10k+ | Output is not escaped |
| #515 | Flash Toolkit | 34 | 159 | 242 | 10k+ | Non-prefixed global variable |
| #516 | Forms: 3rd-Party Integration | 34 | 234 | 112 | 5k+ | Output is not escaped |
| #517 | Inavii Social Feed – Live Social Proof Gallery | 34 | 532 | 180 | 9k+ | Text Domain Mismatch |
| #518 | Meow Lightbox | 34 | 75 | 52 | 10k+ | Non Singular String Literal Domain |
| #519 | OTP Login & Register Woocommerce | 34 | 148 | 202 | 1k+ | Missing nonce verification |
| #520 | Payoneer Checkout | 34 | 168 | 41 | 5k+ | Exception output is not escaped |
| #521 | RaraTheme Companion | 34 | 430 | 71 | 10k+ | Output is not escaped |
| #522 | Event Timeline – Vertical Timeline | 34 | 26 | 684 | 1k+ | Non-prefixed global variable |
| #523 | Search Engine Insights for Google Search Console | 34 | 174 | 113 | 2k+ | Output is not escaped |
| #524 | Tab Ultimate | 34 | 107 | 138 | 1k+ | Output is not escaped |
| #525 | Easy Mega Menu for WordPress – ThemeHunk | 34 | 480 | 256 | 1k+ | Text Domain Mismatch |
| #526 | Travel Agency Companion – Create Tour & Travel Website Using WP Travel Engine | 34 | 128 | 211 | 4k+ | Non-prefixed global variable |
| #527 | Donation Platform for WooCommerce: Fundraising & Donation Management | 34 | 331 | 448 | 7k+ | Non-prefixed global variable |
| #528 | Advanced Free Shipping for WooCommerce | 34 | 270 | 132 | 40k+ | Text Domain Mismatch |
| #529 | WP Dummy Content Generator | 34 | 93 | 130 | 6k+ | Output is not escaped |
| #530 | WP Dynamic Keywords Injector | 34 | 45 | 205 | 1k+ | Nonce verification recommended |
| #531 | WP Random Post Thumbnails | 34 | 420 | 26 | 1k+ | Text Domain Mismatch |
| #532 | Live Visitor Counter | 34 | 108 | 114 | 4k+ | Interpolated SQL is not prepared |
| #533 | YourChannel: Everything you want in a YouTube plugin. | 34 | 262 | 115 | 10k+ | Text Domain Mismatch |
| #534 | Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades | 34 | 571 | 195 | 100k+ | Output is not escaped |
| #535 | ACF OpenStreetMap Field | 35 | 40 | 46 | 9k+ | Non-prefixed global variable |
| #536 | Ad Widget for WordPress | 35 | 68 | 14 | 2k+ | Output is not escaped |
| #537 | Authors Widget | 35 | 170 | 19 | 1k+ | Output is not escaped |
| #538 | BlossomThemes Toolkit | 35 | 347 | 52 | 30k+ | Output is not escaped |
| #539 | Tooltipy (tooltips for WP) | 35 | 370 | 125 | 1k+ | Text Domain Mismatch |
| #540 | Brozzme DB Prefix & Tools Addons | 35 | 24 | 42 | 9k+ | Request data is not unslashed |
| #541 | Coupon X – Discount Popups, Promo Codes Pop Ups for WooCommerce & Announcement Popups | 35 | 30 | 168 | 1k+ | Non-prefixed global variable |
| #542 | Elementor Website Builder – more than just a page builder | 35 | 46 | 428 | 10m+ | Non-prefixed global variable |
| #543 | Email Subscription Popup — Newsletter & GDPR Consent | 35 | 683 | 193 | 1k+ | Output is not escaped |
| #544 | EWWW Image Optimizer | 35 | 225 | 729 | 1m+ | Direct Query |
| #545 | WP2Social Auto Publish | 35 | 643 | 215 | 9k+ | Unsafe printing function |
| #546 | Full Width Banner Slider Wp | 35 | 239 | 140 | 2k+ | Output is not escaped |
| #547 | GDPR Compliance & Cookie Consent | 35 | 251 | 61 | 4k+ | Output is not escaped |
| #548 | Health Check & Troubleshooting | 35 | 264 | 238 | 300k+ | Missing Arg Domain |
| #549 | Instapage Plugin | 35 | 220 | 45 | 5k+ | Output is not escaped |
| #550 | Kargo Takip | 35 | 84 | 142 | 3k+ | Missing nonce verification |