WordPress.WP.AlternativeFunctions.rand_rand

rand rand

The plugin uses a random function that may not be appropriate for the task.

medium weight

Why It Shows Up

The scan found functions such as `rand()`, `mt_rand()`, `srand()`, or `mt_srand()`.

Why It Matters

General-purpose random functions are not suitable for security-sensitive tokens, and manual seeding can reduce randomness.

How to Fix

  • Use `wp_rand()` for ordinary WordPress randomness.
  • Use PHP cryptographic randomness for security-sensitive tokens.
  • Avoid manual random seeding unless there is a narrow, documented reason.
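The three fixes above, shown as an added example (not code from any scanned plugin). All `myplugin_*` function names and the `_myplugin_reset_hash` meta key are hypothetical; the hashed storage and constant-time comparison go slightly beyond the sniff itself and show where such a token is typically used.

```php
<?php
// Added example: every myplugin_* name and meta key here is hypothetical.

// Flagged by the sniff: mt_rand() is a Mersenne Twister, and seeding it with
// the clock makes the output reproducible for anyone who knows the second.
function myplugin_reset_token_flagged() {
    mt_srand( time() );
    return md5( (string) mt_rand() );
}

// Security-sensitive token: 32 bytes from the OS CSPRNG, hex-encoded (64 chars).
function myplugin_reset_token() {
    return bin2hex( random_bytes( 32 ) );
}

// Security-sensitive numeric code: random_int() is uniform over the range,
// so no modulo arithmetic is needed. Zero-padded to six digits.
function myplugin_email_code() {
    return str_pad( (string) random_int( 0, 999999 ), 6, '0', STR_PAD_LEFT );
}

// Ordinary randomness (which banner to show): wp_rand(), with no manual seeding.
function myplugin_pick_banner( array $banners ) {
    $banners = array_values( $banners ); // normalise to 0..n-1 keys
    if ( empty( $banners ) ) {
        return null;
    }
    return $banners[ wp_rand( 0, count( $banners ) - 1 ) ];
}

// Store only a hash of the token so a database read does not reveal it.
function myplugin_store_token( $user_id, $token ) {
    update_user_meta( $user_id, '_myplugin_reset_hash', hash( 'sha256', $token ) );
}

// Compare in constant time; a missing or empty stored hash never matches.
function myplugin_check_token( $user_id, $token ) {
    $stored = get_user_meta( $user_id, '_myplugin_reset_hash', true );
    return is_string( $stored ) && '' !== $stored
        && hash_equals( $stored, hash( 'sha256', (string) $token ) );
}
```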

Affected Plugins

| Rank | Plugin | Score | Errors, Warnings, Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|
| #751 | Bible Verse of the Day | 38 | 378233k+ | | | Unsafe printing function |
| #752 | Bulgarisation for WooCommerce | 38 | 1285925k+ | | | Nonce verification recommended |
| #753 | Certificate Verification | 38 | 33401k+ | | | Output is not escaped |
| #754 | GoodBarber | 38 | 38731k+ | | | Nonce verification recommended |
| #755 | Maintenance Redirect | 38 | 24413210k+ | | | Missing Arg Domain |
| #756 | MX Time Zone Clocks | 38 | 219411k+ | | | Output is not escaped |
| #757 | PDF Catalog for WooCommerce | 38 | 30461k+ | | | Nonce verification recommended |
| #758 | Polaroid Gallery | 38 | 105201k+ | | | Unsafe printing function |
| #759 | RSS Feed Widget | 38 | 207892k+ | | | Unsafe printing function |
| #760 | Shapely Companion | 38 | 493910k+ | | | Output is not escaped |
| #761 | Simple JWT Login – Allows you to use JWT on REST endpoints. | 38 | 712954k+ | | | Output is not escaped |
| #762 | Stock Market News | 38 | 7111500 | | | Output is not escaped |
| #763 | Stock Market Overview | 38 | 86141k+ | | | Output is not escaped |
| #764 | Stock Market Ticker | 38 | 69143k+ | | | Output is not escaped |
| #765 | Stock Quotes List | 38 | 7213600 | | | Output is not escaped |
| #766 | VdoCipher: Secure Video Player and Hosting | 38 | 37542k+ | | | Non-prefixed function |
| #767 | Vertical News Scroller | 38 | 118605k+ | | | Output is not escaped |
| #768 | Products Coming Soon for WooCommerce | 38 | 15162700 | | | Output is not escaped |
| #769 | mb.miniAudioPlayer – an HTML5 audio player for your mp3 files | 38 | 20464k+ | | | Unsafe printing function |
| #770 | mb.YTPlayer for background videos | 38 | 80291k+ | | | Unsafe printing function |
| #771 | Smart Custom 404 Error Page | 39 | 9044100k+ | | | Output is not escaped |
| #772 | Blogger Importer Extended | 39 | 55454k+ | | | Output is not escaped |
| #773 | Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR) | 39 | 284580k+ | | | Missing nonce verification |
| #774 | BestWebSoft's Like & Share – Posts, Pages and Widget Social Extension plugin for WordPress | 39 | 4802264k+ | | | Text Domain Mismatch |
| #775 | Gift Up Gift Cards for WordPress and WooCommerce | 39 | 94605k+ | | | Output is not escaped |
| #776 | GoSMTP – SMTP for WordPress | 39 | 5942500k+ | | | Output is not escaped |
| #777 | Graphina – Charts and Graphs For Elementor | 39 | 1,89511310k+ | | | Text Domain Mismatch |
| #778 | GS Only PDF Preview | 39 | 46361k+ | | | Output is not escaped |
| #779 | HTML5 Cumulus | 39 | 132331k+ | | | Output is not escaped |
| #780 | Mega Addons For WPBakery Page Builder | 39 | 1,32015420k+ | | | Text Domain Mismatch |
| #781 | Designil PDPA Thailand | 39 | 131363k+ | | | Output is not escaped |
| #782 | QR Redirector | 39 | 48544k+ | | | Output is not escaped |
| #783 | Simpaisa Wallet (Jazzcash & Easypaisa) Payment Services | 39 | 67741k+ | | | Interpolated Variable Text |
| #784 | SKP WP Admin Login Captcha | 39 | 77181k+ | | | Output is not escaped |
| #785 | upPrev | 39 | 35361k+ | | | Dynamic hook name |
| #786 | Use Any Font \| Custom Font Uploader | 39 | 3655200k+ | | | Request data is not unslashed |
| #787 | WP Limit Login Attempts | 39 | 266710k+ | | | Direct Query |
| #788 | WP Sitemap Control | 39 | 3137400 | | | Output is not escaped |
| #789 | WPS Child Theme Generator | 39 | 111856k+ | | | Unsafe printing function |
| #790 | WPS Limit Login | 39 | 15276100k+ | | | Output is not escaped |
| #791 | Charity Addon for Elementor | 40 | 48081k+ | | | Text Domain Mismatch |
| #792 | Dashboard Welcome for Beaver Builder | 40 | 38242k+ | | | Output is not escaped |
| #793 | Easy Textillate | 40 | 63121k+ | | | Unsafe printing function |
| #794 | Export Post Info | 40 | 6631k+ | | | Unsafe printing function |
| #795 | Product Enquiry for WooCommerce | 40 | 57413k+ | | | Output is not escaped |
| #796 | Gravity Forms Data Persistence Add-On Reloaded | 40 | 1438700 | | | Input is not sanitized |
| #797 | WP Armour – Honeypot Anti Spam | 40 | 5566400k+ | | | Missing nonce verification |
| #798 | La Sentinelle antispam | 40 | 88463k+ | | | Output is not escaped |
| #799 | No-Bot Registration | 40 | 112422k+ | | | Unsafe printing function |
| #800 | List Petfinder Pets | 40 | 12146400 | | | Output is not escaped |