WordPress.WP.AlternativeFunctions.rand_rand
rand rand
The plugin uses a random function that may not be appropriate for the task.
Why It Shows Up
The scan matched a call to one of PHP's general-purpose random functions: `rand()`, `mt_rand()`, `srand()` or `mt_srand()`. The rule name is the WordPress Coding Standards sniff `WordPress.WP.AlternativeFunctions`, whose error code combines the function group (`rand`) with the function that matched, so `rand_rand` here means a literal `rand()` call was found.
Why It Matters
`rand()` and `mt_rand()` are pseudo-random number generators built for speed and statistical spread, not for unpredictability. Since PHP 7.1 both use the same Mersenne Twister: its state is fixed by a 32-bit seed, which is cheap to brute-force, and the state can be reconstructed from enough observed outputs, after which every later value is known. Calling `srand()` or `mt_srand()` by hand makes this worse, because a constant or clock-derived seed makes the whole sequence reproducible. Any password-reset key, API token, nonce, salt, CAPTCHA answer or temporary filename derived from these functions can therefore be predicted. For non-security uses (randomising which testimonial to display, shuffling a gallery) the calls are merely unidiomatic in WordPress; the sniff flags the call, it does not prove a vulnerability, so the reviewer has to check what the value is used for.
How to Fix
- Use `wp_rand( $min, $max )` for ordinary WordPress randomness (random display order, picking a sample item); it is the idiomatic replacement and clears the sniff.
- Use PHP's CSPRNG functions for anything security-sensitive: `random_bytes()` for tokens, keys and salts, and `random_int()` for a uniformly distributed integer in a range without modulo bias. Both throw an exception when no secure source is available, so let that surface rather than falling back to `rand()`.
- Avoid manual seeding. `random_bytes()` and `random_int()` cannot be seeded at all; `mt_srand()` is only defensible for a reproducible fixture (a deterministic test, a shuffle that must be replayable), and then the reason belongs in a comment next to the call.
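The contrast below is an added example written for this page, not code from the scanner or from any plugin in the list. It assumes PHP 7 or later (for `random_bytes()` and `random_int()`) and, for the `wp_rand()` call only, that it runs inside WordPress; all function names are hypothetical.

```php
<?php
// Added example for this page (not code from the scanner or any listed plugin).
// Assumes PHP 7+; pick_random_item() additionally assumes WordPress is loaded.

// BEFORE: the pattern the sniff reports as WordPress.WP.AlternativeFunctions.rand_rand.
// The clock seed means anyone who knows roughly when the token was issued can
// replay the same sequence; even unseeded, rand() (a Mersenne Twister since
// PHP 7.1) can be reconstructed from enough observed outputs.
function insecure_reset_token(): string {
    srand( (int) time() );
    $token = '';
    for ( $i = 0; $i < 32; $i++ ) {
        $token .= dechex( rand( 0, 15 ) );
    }
    return $token;
}

// AFTER: random_bytes() reads the operating system CSPRNG and throws if it
// is unavailable. 32 bytes is 256 bits of entropy; hex keeps the token URL-safe.
function secure_reset_token( int $bytes = 32 ): string {
    return bin2hex( random_bytes( $bytes ) );
}

// Uniform integer in a range without modulo bias, e.g. a numeric one-time code.
function secure_otp( int $digits = 6 ): string {
    $code = random_int( 0, ( 10 ** $digits ) - 1 );
    return str_pad( (string) $code, $digits, '0', STR_PAD_LEFT );
}

// Non-security randomness (which testimonial to show): wp_rand() is the
// WordPress-idiomatic call and satisfies the sniff. Requires WordPress.
function pick_random_item( array $items ) {
    if ( empty( $items ) ) {
        return null;
    }
    return $items[ wp_rand( 0, count( $items ) - 1 ) ];
}

// Checking a submitted token against the stored one: a constant-time compare
// so response timing does not reveal how many leading bytes matched.
function token_matches( string $stored, string $submitted ): bool {
    return hash_equals( $stored, $submitted );
}

// The one legitimate seeding case: a replayable fixture, with the reason
// documented on the suppression so a later reviewer sees it was deliberate.
function seeded_fixture_order( array $items, int $seed ): array {
    // phpcs:ignore WordPress.WP.AlternativeFunctions.rand_mt_rand -- deterministic test fixture, not a security value.
    mt_srand( $seed );
    shuffle( $items ); // shuffle() draws from the seeded Mersenne Twister state.
    return $items;
}
```

The suppression comment is the `phpcs:ignore` syntax PHP_CodeSniffer understands; the reason after `--` is free text, and attaching it to the line keeps the exception narrow instead of excluding the whole sniff in `phpcs.xml`.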
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #601 | ONet Regenerate Thumbnails | 35 | 190 | 64 | 1k+ | | | Text Domain Mismatch |
| #602 | Plugin Ongkos Kirim JNE Tiki Sicepat Wahana J&T POS for Woocommerce | 35 | 117 | 144 | 2k+ | | | Output is not escaped |
| #603 | Paytm Payment Gateway | 35 | 92 | 104 | 3k+ | | | Missing Arg Domain |
| #604 | Security Optimizer – The All-In-One Protection Plugin | 35 | 40 | 82 | 1m+ | | | Request data is not unslashed |
| #605 | SiteGround Migrator | 35 | 113 | 74 | 70k+ | | | Missing Arg Domain |
| #606 | Spacious Toolkit | 35 | 48 | 94 | 700 | | | Non-prefixed global variable |
| #607 | Stars Testimonials — Responsive Reviews & Star Ratings | 35 | 29 | 253 | 1k+ | | | Non-prefixed global variable |
| #608 | Team Showcase – Responsive Team Members Grid, Slider & Carousel Plugin | 35 | 1,000 | 410 | 2k+ | | | Text Domain Mismatch |
| #609 | Theme Blvd Layout Builder | 35 | 207 | 169 | 2k+ | | | Output is not escaped |
| #610 | Themify Shortcodes | 35 | 36 | 16 | 7k+ | | | Output is not escaped |
| #611 | TikTok | 35 | 31 | 22 | 200k+ | | | Missing Arg Domain |
| #612 | Two Factor Authentication | 35 | 108 | 139 | 20k+ | | | Output is not escaped |
| #613 | User Photo | 35 | 112 | 68 | 3k+ | | | Output is not escaped |
| #614 | Video Grid | 35 | 253 | 106 | 1k+ | | | Output is not escaped |
| #615 | W4 Post List | 35 | 50 | 138 | 3k+ | | | Non-prefixed global variable |
| #616 | Payment Gateway for PayPal Pro & PayPal Checkout for WooCommerce | 35 | 67 | 147 | 2k+ | | | Request data is not unslashed |
| #617 | Easy Accept Payments via PayPal | 35 | 322 | 128 | 7k+ | | | Text Domain Mismatch |
| #618 | WP GPX Maps | 35 | 27 | 100 | 4k+ | | | Non-prefixed global variable |
| #619 | WP Mailto Links – Protect Email Addresses | 35 | 95 | 69 | 8k+ | | | Output is not escaped |
| #620 | video carousel slider with lightbox | 35 | 350 | 136 | 1k+ | | | Output is not escaped |
| #621 | WP Spam Question Filter | 35 | 63 | 30 | 2k+ | | | Output is not escaped |
| #622 | wpLingua – Automatic translation – Translate and make website multilingual | 35 | 79 | 167 | 2k+ | | | Nonce verification recommended |
| #623 | Bulk Post Update Date | 36 | 96 | 66 | 10k+ | | | Unsafe printing function |
| #624 | Crelly Slider | 36 | 421 | 185 | 10k+ | | | Unsafe printing function |
| #625 | Doneren met Mollie | 36 | 420 | 351 | 4k+ | | | SQL query is not prepared |
| #626 | Drag and Drop Multiple File Upload for Contact Form 7 | 36 | 82 | 36 | 60k+ | | | wp function not compatible with requires wp |
| #627 | Genesis Sandbox Featured Content Widget | 36 | 229 | 24 | 1k+ | | | Text Domain Mismatch |
| #628 | Gutena Kit – Gutenberg Blocks and Templates | 36 | 39 | 87 | 1k+ | | | Nonce verification recommended |
| #629 | HTML5 Maps | 36 | 194 | 160 | 5k+ | | | Output is not escaped |
| #630 | HTTP Requests Manager | 36 | 98 | 90 | 1k+ | | | Output is not escaped |
| #631 | Subscribe to Comments | 36 | 129 | 163 | 10k+ | | | Output is not escaped |
| #632 | PDF Flipbook, WPBakery Addon – Unreal FlipBook | 36 | 400 | 92 | 1k+ | | | Non Singular String Literal Domain |
| #633 | Quantity Plus Minus Button for WooCommerce | 36 | 83 | 84 | 10k+ | | | Output is not escaped |
| #634 | Custom Add to Cart Button Label and Link for WooCommerce | 36 | 371 | 112 | 3k+ | | | Text Domain Mismatch |
| #635 | Payment Button for PayPal | 36 | 155 | 86 | 4k+ | | | Unsafe printing function |
| #636 | WP Hardening (discontinued) | 36 | 230 | 85 | 10k+ | | | Text Domain Mismatch |
| #637 | Visual CSS Style Editor | 36 | 283 | 233 | 40k+ | | | Output is not escaped |
| #638 | Login by Auth0 | 37 | 307 | 82 | 10k+ | | | Text Domain Mismatch |
| #639 | Random Posts and Pages Widget | 37 | 322 | 15 | 1k+ | | | Output is not escaped |
| #640 | ClickRank – Ai SEO Automation | 37 | 10 | 226 | 1k+ | | | Direct Query |
| #641 | Lightweight Subscribe To Comments | 37 | 105 | 70 | 1k+ | | | Unsafe printing function |
| #642 | Simple Custom CSS and JS | 37 | 168 | 69 | 600k+ | | | Output is not escaped |
| #643 | Easy Testimonial Slider and Form | 37 | 14 | 144 | 700 | | | Request data is not unslashed |
| #644 | Horizontal scrolling announcements | 37 | 215 | 140 | 8k+ | | | Output is not escaped |
| #645 | LearnPress – Course Review | 37 | 67 | 43 | 20k+ | | | Output is not escaped |
| #646 | Metorik – Reports & Email Automation for WooCommerce | 37 | 75 | 70 | 10k+ | | | Output is not escaped |
| #647 | NextGEN Scroll Gallery | 37 | 33 | 28 | 1k+ | | | Output is not escaped |
| #648 | Publish to Schedule | 37 | 195 | 43 | 4k+ | | | Text Domain Mismatch |
| #649 | SendWP | 37 | 47 | 42 | 10k+ | | | Output is not escaped |
| #650 | Spam Destroyer | 37 | 63 | 43 | 6k+ | | | rand rand |