WordPress.WP.AlternativeFunctions.rand_rand
rand rand
The plugin uses a random function that may not be appropriate for the task.
Why It Shows Up
The scan found functions such as `rand()`, `mt_rand()`, `srand()`, or `mt_srand()`.
Why It Matters
General-purpose random functions such as `rand()` and `mt_rand()` are not suitable for security-sensitive tokens, and manual seeding can make the generated sequence predictable.
How to Fix
- Use `wp_rand()` for ordinary WordPress randomness.
- Use PHP cryptographic randomness for security-sensitive tokens.
- Avoid manual random seeding unless there is a narrow, documented reason.
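The following is an added example, not code from the sniff documentation or from any listed plugin: it shows the pattern this sniff flags next to the replacements the fix list recommends. Function names are hypothetical; `wp_rand()` is only available once WordPress is loaded, so the last function falls back to `random_int()` outside WordPress.

```php
<?php
// Added example (not from the sniff page). Flagged pattern beside its fixes.

// Flagged: mt_rand()/rand() are not cryptographically secure, and mt_srand()
// with a guessable seed (here the clock) makes the whole sequence reproducible.
function insecure_reset_token(): string {
    mt_srand( (int) time() );                  // manual seeding: flagged
    $token = '';
    for ( $i = 0; $i < 32; $i++ ) {
        $token .= dechex( mt_rand( 0, 15 ) );  // rand_rand sniff match
    }
    return $token;
}

// Security-sensitive token: use PHP's CSPRNG. random_bytes() throws an
// Exception when no secure source is available, so the caller gets a hard
// failure instead of a weak token.
function secure_reset_token( int $bytes = 16 ): string {
    return bin2hex( random_bytes( $bytes ) );  // 32 hex chars for 16 bytes
}

// Ordinary, non-security randomness (e.g. choosing a random post from a
// list): wp_rand() is the WordPress replacement. It only exists when
// WordPress is loaded, hence the guard; random_int() is the fallback here.
function pick_random_post_id( array $ids ) {
    if ( empty( $ids ) ) {
        return null;
    }
    $max   = count( $ids ) - 1;
    $index = function_exists( 'wp_rand' ) ? wp_rand( 0, $max ) : random_int( 0, $max );
    return $ids[ $index ];
}
```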
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue |
|---|---|---|---|---|---|---|
| #701 | Product Enquiry for WooCommerce | 40 | 57 | 41 | 3k+ | Output is not escaped |
| #702 | WP Armour – Honeypot Anti Spam | 40 | 56 | 66 | 400k+ | Missing nonce verification |
| #703 | La Sentinelle antispam | 40 | 88 | 46 | 3k+ | Output is not escaped |
| #704 | No-Bot Registration | 40 | 112 | 42 | 2k+ | Unsafe printing function |
| #705 | Random Post Plugin – Redirect URL to Post | 40 | 28 | 74 | 4k+ | Nonce verification recommended |
| #706 | Simple Statistics for Feeds | 40 | 64 | 131 | 800 | Nonce verification recommended |
| #707 | Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress | 40 | 28 | 167 | 2k+ | Request data is not unslashed |
| #708 | Universal Honey Pot | 40 | 23 | 94 | 1k+ | Missing nonce verification |
| #709 | Upcoming Events Lists | 40 | 75 | 17 | 900 | Text Domain Mismatch |
| #710 | Visma Pay for Woocommerce | 40 | 27 | 37 | 2k+ | Output is not escaped |
| #711 | Easy PayPal & Stripe Buy Now Button | 40 | 388 | 96 | 10k+ | Unsafe printing function |
| #712 | WP Paint – WordPress Image Editor | 40 | 30 | 29 | 6k+ | Missing Arg Domain |
| #713 | WPS Menu Exporter | 40 | 47 | 22 | 10k+ | Output is not escaped |
| #714 | Categorized Tag Cloud | 41 | 44 | 17 | 1k+ | Output is not escaped |
| #715 | Social Sharing Plugin – Kiwi | 41 | 23 | 80 | 4k+ | Non-prefixed global variable |
| #716 | Posts 2 Posts | 41 | 42 | 73 | 10k+ | Non Singular String Literal Domain |
| #717 | WP Media folders | 41 | 19 | 74 | 3k+ | Direct Query |
| #718 | Custom Fields for Gutenberg | 42 | 24 | 24 | 1k+ | Output is not escaped |
| #719 | iyzico for WooCommerce | 42 | 34 | 54 | 10k+ | Unsafe printing function |
| #720 | Medical Addon for Elementor | 42 | 200 | 8 | 1k+ | Text Domain Mismatch |
| #721 | Republish Old Posts | 42 | 83 | 24 | 2k+ | Output is not escaped |
| #722 | Responsive Mortgage Calculator | 42 | 38 | 28 | 7k+ | Output is not escaped |
| #723 | Simple Download Counter | 42 | 58 | 46 | 2k+ | Output is not escaped |
| #724 | Anti-spam Reloaded | 43 | 19 | 19 | 2k+ | Output is not escaped |
| #725 | BMI Adult & Kid Calculator | 43 | 33 | 138 | 700 | Request data is not unslashed |
| #726 | Simple Mortgage Calculator | 43 | 67 | 3 | 1k+ | Text Domain Mismatch |
| #727 | Sinbyte Indexer | 43 | 61 | 19 | 2k+ | Text Domain Mismatch |
| #728 | WP Extra File Types | 43 | 11 | 26 | 40k+ | Request data is not unslashed |
| #729 | Custom Dashboard Help Widget | 44 | 73 | 12 | 900 | Output is not escaped |
| #730 | Github Embed | 44 | 18 | 35 | 1k+ | Non-prefixed global variable |
| #731 | Narrative Publisher | 44 | 28 | 37 | 1k+ | Text Domain Mismatch |
| #732 | Evergreen Countdown Timer | 45 | 193 | 35 | 2k+ | wp function not compatible with requires wp |
| #733 | DarkMySite – Advanced Dark Mode Plugin for WordPress | 46 | 22 | 100 | 1k+ | Request data is not unslashed |
| #734 | Link in Bio Creator – Social | 46 | 52 | 36 | 2k+ | Non Singular String Literal Domain |
| #735 | Updater by BestWebSoft | 46 | 494 | 219 | 2k+ | Text Domain Mismatch |
| #736 | 3CX Free Live Chat, Calls & Messaging | 46 | 24 | 16 | 100k+ | Output is not escaped |
| #737 | Add Polylang support for Customizer | 48 | 18 | 20 | 2k+ | Nonce verification recommended |
| #738 | Ansar Import – One Click Starter Sites – for Elementor & Themes | 48 | 27 | 116 | 20k+ | Non-prefixed global variable |
| #739 | Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms | 48 | 34 | 14 | 800 | Non Singular String Literal Domain |
| #740 | Visual Website Optimizer | 48 | 86 | 4 | 5k+ | wp function not compatible with requires wp |
| #741 | Video Background | 49 | 35 | 26 | 9k+ | Unsafe printing function |
| #742 | Quotes and Tips by BestWebSoft | 51 | 485 | 190 | 1k+ | Text Domain Mismatch |
| #743 | Wenprise Pinyin Slug | 52 | 30 | 34 | 4k+ | Text Domain Mismatch |
| #744 | International Telephone Input for Contact Form 7 | 53 | 18 | 10 | 8k+ | Missing direct file access protection |
| #745 | LexonRank: AI Link Building, Free Backlinks & SEO Automation | 55 | 15 | 20 | 1k+ | Nonce verification recommended |
| #746 | Mortgage Calculator | 55 | 98 | 16 | 4k+ | Text Domain Mismatch |
| #747 | Refer A Friend for WooCommerce by WPGens | 55 | 77 | 21 | 1k+ | Text Domain Mismatch |
| #748 | Rescue Shortcodes | 55 | 54 | 2 | 1k+ | Unsafe printing function |
| #749 | Anti-Captcha (anti-spam botblocker) | 56 | 23 | 26 | 1k+ | rand mt rand |
| #750 | SMTP by BestWebSoft | 56 | 486 | 175 | 1k+ | Text Domain Mismatch |