WordPress.WP.AlternativeFunctions.rand_rand
rand rand
The plugin uses a random function that may not be appropriate for the task.
Why It Shows Up
The scan found a call to `rand()`; the same sniff also flags `mt_rand()`, `srand()`, and `mt_srand()` under sibling codes.
Why It Matters
`rand()` and `mt_rand()` draw from the Mersenne Twister generator (since PHP 7.1 `rand()` is an alias of `mt_rand()`), which is fast but predictable: its internal state can be recovered from a modest number of observed outputs, so values used as password-reset tokens, one-time codes, nonces or session identifiers can be guessed. Manual seeding with `srand()` or `mt_srand()` makes this worse. A seed taken from the clock or a small integer reduces the whole sequence to a brute-forceable search, and because the generator is process-global, reseeding also changes what every other piece of code that draws from it during the request receives.
How to Fix
- Use `wp_rand( $min, $max )` for ordinary randomness (ordering, picking a sample item, jitter); it uses `random_int()` where available.
- Use `random_int()` or `random_bytes()` (PHP 7.0+) for anything an attacker must not be able to predict, such as tokens, keys and reset codes; both throw on failure instead of silently falling back to a weak source.
- Do not call `srand()` or `mt_srand()` unless there is a narrow, documented reason (for example, reproducible output in a test). Never seed from the time, and never seed before generating a secret.
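The following PHP is an added example, not code from this page or from any of the listed plugins. It places the pattern this sniff flags (seeding from a timestamp, then hashing `mt_rand()`) beside the two replacements above, and shows the concrete failure mode: two tokens minted in the same second are identical. All function names and the fixed timestamp are hypothetical; the `random_int()` fallback exists only so the file runs under plain `php` outside WordPress.

```php
<?php
declare(strict_types=1);

// Added example (not code from the page or from any listed plugin).
// legacy_reset_token() reproduces the pattern the
// WordPress.WP.AlternativeFunctions rand sniffs flag; secure_reset_token()
// and pick_random_index() are the replacements. Names are hypothetical.

// FLAGGED: mt_srand() + mt_rand(). The seed is the issue timestamp, so every
// token minted in the same second is identical, and an attacker who knows
// roughly when a reset was requested only has to try a few thousand seeds.
function legacy_reset_token(int $issued_at): string {
    mt_srand($issued_at);                 // flagged: manual seeding
    return md5((string) mt_rand());       // flagged: mt_rand()
}

// FIXED: random_bytes() is PHP's CSPRNG (PHP >= 7.0). It reads from the
// operating system's secure source and throws if none is available.
function secure_reset_token(): string {
    return bin2hex(random_bytes(32));     // 64 hex chars, 256 bits of entropy
}

// FIXED: for non-secret randomness inside WordPress (ordering, sampling),
// wp_rand() is the call the sniff recommends. Outside WordPress this file
// falls back to random_int(), which wp_rand() itself uses when available.
function pick_random_index(int $count): int {
    if ($count < 1) {
        throw new InvalidArgumentException('count must be at least 1');
    }
    if (function_exists('wp_rand')) {
        return wp_rand(0, $count - 1);
    }
    return random_int(0, $count - 1);
}

// Constructed demonstration: two users request a reset in the same second.
$now   = 1700000000;                      // hypothetical fixed timestamp
$alice = legacy_reset_token($now);
$bob   = legacy_reset_token($now);
printf("legacy tokens collide: %s\n", $alice === $bob ? 'yes' : 'no');  // yes

$a = secure_reset_token();
$b = secure_reset_token();
printf("secure tokens collide: %s\n", $a === $b ? 'yes' : 'no');        // no

printf("picked index %d (in 0..4)\n", pick_random_index(5));
```

Run it with `php example.php`; only the two lines inside `legacy_reset_token()` are what `phpcs --standard=WordPress` reports. Note that the hash does not help: `md5()` of a predictable 31-bit value is just as enumerable as the value itself, so the fix is the entropy source, not extra transformation of the output.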
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue |
|---|---|---|---|---|---|---|
| #751 | Bible Verse of the Day | 38 | 378 | 23 | 3k+ | Unsafe printing function |
| #752 | Bulgarisation for WooCommerce | 38 | 128 | 592 | 5k+ | Nonce verification recommended |
| #753 | Certificate Verification | 38 | 33 | 40 | 1k+ | Output is not escaped |
| #754 | GoodBarber | 38 | 38 | 73 | 1k+ | Nonce verification recommended |
| #755 | Maintenance Redirect | 38 | 244 | 132 | 10k+ | Missing Arg Domain |
| #756 | MX Time Zone Clocks | 38 | 219 | 41 | 1k+ | Output is not escaped |
| #757 | PDF Catalog for WooCommerce | 38 | 30 | 46 | 1k+ | Nonce verification recommended |
| #758 | Polaroid Gallery | 38 | 105 | 20 | 1k+ | Unsafe printing function |
| #759 | RSS Feed Widget | 38 | 207 | 89 | 2k+ | Unsafe printing function |
| #760 | Shapely Companion | 38 | 49 | 39 | 10k+ | Output is not escaped |
| #761 | Simple JWT Login – Allows you to use JWT on REST endpoints. | 38 | 712 | 95 | 4k+ | Output is not escaped |
| #762 | Stock Market News | 38 | 71 | 11 | 500 | Output is not escaped |
| #763 | Stock Market Overview | 38 | 86 | 14 | 1k+ | Output is not escaped |
| #764 | Stock Market Ticker | 38 | 69 | 14 | 3k+ | Output is not escaped |
| #765 | Stock Quotes List | 38 | 72 | 13 | 600 | Output is not escaped |
| #766 | VdoCipher: Secure Video Player and Hosting | 38 | 37 | 54 | 2k+ | Non-prefixed function |
| #767 | Vertical News Scroller | 38 | 118 | 60 | 5k+ | Output is not escaped |
| #768 | Products Coming Soon for WooCommerce | 38 | 151 | 62 | 700 | Output is not escaped |
| #769 | mb.miniAudioPlayer – an HTML5 audio player for your mp3 files | 38 | 204 | 6 | 4k+ | Unsafe printing function |
| #770 | mb.YTPlayer for background videos | 38 | 80 | 29 | 1k+ | Unsafe printing function |
| #771 | Smart Custom 404 Error Page | 39 | 90 | 44 | 100k+ | Output is not escaped |
| #772 | Blogger Importer Extended | 39 | 55 | 45 | 4k+ | Output is not escaped |
| #773 | Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR) | 39 | 28 | 45 | 80k+ | Missing nonce verification |
| #774 | BestWebSoft's Like & Share – Posts, Pages and Widget Social Extension plugin for WordPress | 39 | 480 | 226 | 4k+ | Text Domain Mismatch |
| #775 | Gift Up Gift Cards for WordPress and WooCommerce | 39 | 94 | 60 | 5k+ | Output is not escaped |
| #776 | GoSMTP – SMTP for WordPress | 39 | 59 | 42 | 500k+ | Output is not escaped |
| #777 | Graphina – Charts and Graphs For Elementor | 39 | 1,895 | 113 | 10k+ | Text Domain Mismatch |
| #778 | GS Only PDF Preview | 39 | 46 | 36 | 1k+ | Output is not escaped |
| #779 | HTML5 Cumulus | 39 | 132 | 33 | 1k+ | Output is not escaped |
| #780 | Mega Addons For WPBakery Page Builder | 39 | 1,320 | 154 | 20k+ | Text Domain Mismatch |
| #781 | Designil PDPA Thailand | 39 | 131 | 36 | 3k+ | Output is not escaped |
| #782 | QR Redirector | 39 | 48 | 54 | 4k+ | Output is not escaped |
| #783 | Simpaisa Wallet (Jazzcash & Easypaisa) Payment Services | 39 | 67 | 74 | 1k+ | Interpolated Variable Text |
| #784 | SKP WP Admin Login Captcha | 39 | 77 | 18 | 1k+ | Output is not escaped |
| #785 | upPrev | 39 | 35 | 36 | 1k+ | Dynamic hook name |
| #786 | Use Any Font \| Custom Font Uploader | 39 | 36 | 55 | 200k+ | Request data is not unslashed |
| #787 | WP Limit Login Attempts | 39 | 26 | 67 | 10k+ | Direct Query |
| #788 | WP Sitemap Control | 39 | 31 | 37 | 400 | Output is not escaped |
| #789 | WPS Child Theme Generator | 39 | 111 | 85 | 6k+ | Unsafe printing function |
| #790 | WPS Limit Login | 39 | 152 | 76 | 100k+ | Output is not escaped |
| #791 | Charity Addon for Elementor | 40 | 480 | 8 | 1k+ | Text Domain Mismatch |
| #792 | Dashboard Welcome for Beaver Builder | 40 | 38 | 24 | 2k+ | Output is not escaped |
| #793 | Easy Textillate | 40 | 63 | 12 | 1k+ | Unsafe printing function |
| #794 | Export Post Info | 40 | 66 | 3 | 1k+ | Unsafe printing function |
| #795 | Product Enquiry for WooCommerce | 40 | 57 | 41 | 3k+ | Output is not escaped |
| #796 | Gravity Forms Data Persistence Add-On Reloaded | 40 | 14 | 38 | 700 | Input is not sanitized |
| #797 | WP Armour – Honeypot Anti Spam | 40 | 55 | 66 | 400k+ | Missing nonce verification |
| #798 | La Sentinelle antispam | 40 | 88 | 46 | 3k+ | Output is not escaped |
| #799 | No-Bot Registration | 40 | 112 | 42 | 2k+ | Unsafe printing function |
| #800 | List Petfinder Pets | 40 | 121 | 46 | 400 | Output is not escaped |