WordPress.WP.AlternativeFunctions.rand_rand
rand rand
The plugin uses a random function that may not be appropriate for the task.
Why It Shows Up
The scan found functions such as `rand()`, `mt_rand()`, `srand()`, or `mt_srand()`.
Why It Matters
General-purpose random functions such as `rand()` and `mt_rand()` are not suitable for security-sensitive tokens, and manually seeding them can make their output predictable.
How to Fix
- Use `wp_rand()` for ordinary WordPress randomness.
- Use PHP cryptographic randomness for security-sensitive tokens.
- Avoid manual random seeding unless there is a narrow, documented reason.
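The fix list above in working form, as an added example that is not code from the page or from any of the plugins listed below; all function names prefixed `example_` are hypothetical, and `wp_rand()` is assumed to be available because the code runs inside WordPress:

```php
<?php
// Added example: the pattern the sniff flags beside the replacements the fix list recommends.

// BEFORE (flagged): a reset token built from mt_rand(). Seeding with time() makes the
// sequence reproducible by anyone who can guess the second, and mt_rand() is not a
// CSPRNG even when unseeded. Hashing the output does not add entropy.
function example_reset_token_insecure() {
	mt_srand( time() );
	return md5( mt_rand() );
}

// AFTER, security-sensitive: a token that guards access must come from PHP's
// cryptographic source. random_bytes() (PHP 7+) draws from the OS CSPRNG and
// bin2hex() gives a URL- and database-safe representation. 32 bytes = 256 bits.
function example_reset_token_secure( $bytes = 32 ) {
	return bin2hex( random_bytes( $bytes ) );
}

// AFTER, security-sensitive integer: a numeric one-time code should use random_int(),
// not mt_rand(). Both bounds are inclusive.
function example_one_time_code() {
	return str_pad( (string) random_int( 0, 999999 ), 6, '0', STR_PAD_LEFT );
}

// AFTER, ordinary randomness: choosing which banner to show is not a secret, so
// wp_rand() is the WordPress-approved call. Bounds are inclusive, hence count - 1.
function example_random_banner_index( array $banners ) {
	if ( empty( $banners ) ) {
		return null;
	}
	return wp_rand( 0, count( $banners ) - 1 );
}

// Manual seeding is only defensible when reproducibility is the point, e.g. a test
// fixture that must return the same sample on every run. Document the reason where
// the seed is set and keep such code out of anything that controls access.
function example_reproducible_sample( array $items, $seed, $n ) {
	mt_srand( (int) $seed ); // deliberate: fixture reproducibility, never used for secrets
	shuffle( $items );
	return array_slice( $items, 0, $n );
}
```

A practical check when triaging a report: ask whether an attacker who could predict the number would gain anything; if yes, it needs `random_int()`/`random_bytes()`, otherwise `wp_rand()` is enough.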
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue |
|---|---|---|---|---|---|---|
| #551 | UX Flat | 30 | 539 | 203 | 1k+ | Missing Arg Domain |
| #552 | WooCommerce Stripe Payment Gateway | 30 | 173 | 591 | 700k+ | Non-prefixed hook name |
| #553 | Photo Gallery Slideshow & Masonry Tiled Gallery | 30 | 806 | 352 | 1k+ | Output is not escaped |
| #554 | WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA | 30 | 484 | 222 | 2k+ | Unsafe printing function |
| #555 | WPS Cleaner | 30 | 430 | 491 | 20k+ | Output is not escaped |
| #556 | Zoho CRM Lead Magnet | 30 | 101 | 1,025 | 3k+ | Request data is not unslashed |
| #557 | Advanced Woo Search – Product Search for WooCommerce | 31 | 228 | 377 | 70k+ | Nonce verification recommended |
| #558 | Apaczka.pl WooCommerce | 31 | 99 | 276 | 1k+ | Non-prefixed global variable |
| #559 | Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam | 31 | 598 | 70 | 700 | Text Domain Mismatch |
| #560 | Co-marquage service-public.fr | 31 | 84 | 213 | 1k+ | Non-prefixed global variable |
| #561 | Codeless Page Builder | 31 | 415 | 258 | 900 | Text Domain Mismatch |
| #562 | افزونه پیامک حرفه ای فراز اس ام اس | 31 | 89 | 180 | 2k+ | wp function not compatible with requires wp |
| #563 | FastDup – Fastest WordPress Migration & Duplicator | 31 | 83 | 66 | 5k+ | wp function not compatible with requires wp |
| #564 | GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets | 31 | 402 | 156 | 1k+ | Text Domain Mismatch |
| #565 | Kindeditor For WordPress | 31 | 63 | 130 | 500 | Non-prefixed global variable |
| #566 | Login rebuilder | 31 | 406 | 226 | 20k+ | Non Singular String Literal Domain |
| #567 | LWS Tools | 31 | 104 | 134 | 10k+ | Request data is not unslashed |
| #568 | Mailgun for WordPress | 31 | 144 | 78 | 80k+ | Unsafe printing function |
| #569 | PanoPress | 31 | 111 | 234 | 2k+ | Output is not escaped |
| #570 | Social Share Buttons | 31 | 462 | 156 | 1k+ | Text Domain Mismatch |
| #571 | Page Builder by SiteOrigin | 31 | 226 | 214 | 400k+ | Output is not escaped |
| #572 | WP Testimonials | 31 | 183 | 455 | 10k+ | Non-prefixed global variable |
| #573 | Discussion Board – WordPress Forum Plugin | 31 | 105 | 153 | 2k+ | Request data is not unslashed |
| #574 | WP Simple Booking Calendar | 31 | 337 | 380 | 20k+ | Output is not escaped |
| #575 | WP Visitor Statistics (Real Time Traffic) | 31 | 353 | 691 | 20k+ | Nonce verification recommended |
| #576 | Hosting Benchmark tool | 31 | 202 | 115 | 4k+ | rand rand |
| #577 | YAHMAN Add-ons | 31 | 468 | 141 | 1k+ | Output is not escaped |
| #578 | Zendesk Support for WordPress | 31 | 195 | 88 | 2k+ | Output is not escaped |
| #579 | PayPal Zettle POS for WooCommerce | 31 | 302 | 44 | 4k+ | Exception output is not escaped |
| #580 | ACME Divi Modules | 32 | 573 | 35 | 400 | Text Domain Mismatch |
| #581 | ActiveDEMAND | 32 | 157 | 161 | 1k+ | Output is not escaped |
| #582 | annasta Filters for WooCommerce | 32 | 1,073 | 441 | 2k+ | Text Domain Mismatch |
| #583 | Aqua Page Builder | 32 | 320 | 114 | 3k+ | Output is not escaped |
| #584 | Ultimate WooCommerce Filters | 32 | 322 | 207 | 600 | Unsafe printing function |
| #585 | Currency Switcher for WooCommerce | 32 | 357 | 263 | 10k+ | Text Domain Mismatch |
| #586 | DHL eCommerce (Benelux) for WooCommerce | 32 | 222 | 330 | 2k+ | Nonce verification recommended |
| #587 | FA Lite – WP responsive slider plugin | 32 | 726 | 140 | 500 | Unsafe printing function |
| #588 | Freesoul Deactivate Plugins – Disable plugins on individual WordPress pages | 32 | 53 | 773 | 9k+ | Nonce verification recommended |
| #589 | Insights from Google PageSpeed | 32 | 414 | 475 | 20k+ | Text Domain Mismatch |
| #590 | GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync) | 32 | 120 | 145 | 8k+ | Non-prefixed global variable |
| #591 | Gwolle Guestbook | 32 | 269 | 527 | 20k+ | Output is not escaped |
| #592 | Helcim Commerce for WooCommerce | 32 | 94 | 121 | 800 | Text Domain Mismatch |
| #593 | MapPress Maps for WordPress | 32 | 695 | 133 | 30k+ | Missing Arg Domain |
| #594 | WP Mobile Menu – The Mobile-Friendly Responsive Menu | 32 | 990 | 195 | 80k+ | Output is not escaped |
| #595 | Notice Bar | 32 | 95 | 284 | 700 | Non-prefixed global variable |
| #596 | Opal Mega Menu | 32 | 419 | 119 | 400 | Text Domain Mismatch |
| #597 | گرویتی فرم فارسی | 32 | 190 | 174 | 20k+ | Text Domain Mismatch |
| #598 | PilotPress | 32 | 150 | 285 | 900 | Output is not escaped |
| #599 | TS Poll – Survey, Versus Poll, Image Poll, Video Poll | 32 | 570 | 171 | 4k+ | Text Domain Mismatch |
| #600 | Volunteer Sign Up Sheets | 32 | 967 | 401 | 1k+ | Output is not escaped |