WordPress.WP.AlternativeFunctions.rand_rand

rand rand

The plugin uses a random function that may not be appropriate for the task.

medium weight

Why It Shows Up

The scan found functions such as `rand()`, `mt_rand()`, `srand()`, or `mt_srand()`.

Why It Matters

General-purpose random functions are not suitable for security-sensitive tokens, and manual seeding can reduce randomness.

How to Fix

  • Use `wp_rand()` for ordinary WordPress randomness.
  • Use PHP cryptographic randomness for security-sensitive tokens.
  • Avoid manual random seeding unless there is a narrow, documented reason.
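The three fixes above side by side, as an added example that is not taken from this page's scanner or from any listed plugin. The `demo_*` function names and the seed value are hypothetical, and the `wp_rand()` stand-in exists only so the file also runs outside WordPress.

```php
<?php
// Stand-in so the file runs outside WordPress (assumption for this example);
// inside WordPress the core wp_rand() is already defined and this is skipped.
if ( ! function_exists( 'wp_rand' ) ) {
    function wp_rand( $min = 0, $max = 0 ) {
        return random_int( $min, $max );
    }
}

// Flagged pattern: manual seeding plus mt_rand() used for a secret token.
// The output is fully determined by the seed, so the same seed always
// yields the same token.
function demo_weak_token( $seed ) {
    mt_srand( $seed );
    $token = '';
    for ( $i = 0; $i < 16; $i++ ) {
        $token .= dechex( mt_rand( 0, 15 ) );
    }
    return $token;
}

// Security-sensitive token: PHP's CSPRNG, no seeding.
// 32 random bytes become 64 hex characters.
function demo_secure_token() {
    return bin2hex( random_bytes( 32 ) );
}

// Ordinary, non-secret randomness (for example, picking a post to feature).
function demo_pick_random( array $items ) {
    return $items[ wp_rand( 0, count( $items ) - 1 ) ];
}

// Constructed demonstration values.
$seed = 1700000000; // stands in for a timestamp used as a seed
$a    = demo_weak_token( $seed );
$b    = demo_weak_token( $seed );

echo "weak token, run 1: $a\n";
echo "weak token, run 2: $b\n";
echo 'reproducible from seed: ' . ( $a === $b ? 'yes' : 'no' ) . "\n";
echo 'secure token: ' . demo_secure_token() . "\n";
echo 'random pick: ' . demo_pick_random( array( 'post-12', 'post-34', 'post-56' ) ) . "\n";
```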

Affected Plugins

Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue
#801 | Random Post Plugin – Redirect URL to Post | 4028744k+ | Nonce verification recommended
#802 | Search Live | 4013271600 | Output is not escaped
#803 | Simple Statistics for Feeds | 4064131800 | Nonce verification recommended
#804 | TZ Flickr Widget | 40677600 | Output is not escaped
#805 | Universal Honey Pot | 4023941k+ | Missing nonce verification
#806 | Upcoming Events Lists | 407517900 | Text Domain Mismatch
#807 | Visma Pay for Woocommerce | 4027372k+ | Output is not escaped
#808 | yubikey-plugin | 406433400 | Text Domain Mismatch
#809 | Easy PayPal & Stripe Buy Now Button | 403889610k+ | Unsafe printing function
#810 | WP Paint – WordPress Image Editor | 4030296k+ | Missing Arg Domain
#811 | WPS Menu Exporter | 40472210k+ | Output is not escaped
#812 | Categorized Tag Cloud | 4144171k+ | Output is not escaped
#813 | Social Sharing Plugin – Kiwi | 4123804k+ | Non-prefixed global variable
#814 | Posts 2 Posts | 41427310k+ | Non Singular String Literal Domain
#815 | Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress | 41271682k+ | Request data is not unslashed
#816 | WP Lorem ipsum | 413729500 | Unsafe printing function
#817 | WP Media folders | 4119743k+ | Direct Query
#818 | Cookie Notify | 421554400 | Input is not validated
#819 | Custom Fields for Gutenberg | 4224241k+ | Output is not escaped
#820 | iyzico for WooCommerce | 42345410k+ | Unsafe printing function
#821 | Mailster Cool Captcha | 426528400 | Text Domain Mismatch
#822 | Medical Addon for Elementor | 4220081k+ | Text Domain Mismatch
#823 | Republish Old Posts | 4283242k+ | Output is not escaped
#824 | Responsive Mortgage Calculator | 4238287k+ | Output is not escaped
#825 | Simple Download Counter | 4258462k+ | Output is not escaped
#826 | Anti-spam Reloaded | 4319192k+ | Output is not escaped
#827 | BMI Adult & Kid Calculator | 4333138700 | Request data is not unslashed
#828 | Simple Mortgage Calculator | 436731k+ | Text Domain Mismatch
#829 | Sinbyte Indexer | 4361192k+ | Text Domain Mismatch
#830 | WP Extra File Types | 43112640k+ | Request data is not unslashed
#831 | Custom Dashboard Help Widget | 447312900 | Output is not escaped
#832 | Github Embed | 4418351k+ | Non-prefixed global variable
#833 | Narrative Publisher | 4428371k+ | Text Domain Mismatch
#834 | WP Club Manager – WordPress Sports Club Plugin | 44171682600 | Non-prefixed global variable
#835 | Evergreen Countdown Timer | 45193352k+ | wp function not compatible with requires wp
#836 | DarkMySite – Advanced Dark Mode Plugin for WordPress | 46221001k+ | Request data is not unslashed
#837 | Link in Bio Creator – Social | 4652362k+ | Non Singular String Literal Domain
#838 | Updater by BestWebSoft | 464942192k+ | Text Domain Mismatch
#839 | 3CX Free Live Chat, Calls & Messaging | 472416100k+ | Output is not escaped
#840 | Add Polylang support for Customizer | 4818202k+ | Nonce verification recommended
#841 | Ansar Import – One Click Starter Sites – for Elementor & Themes | 482711610k+ | Non-prefixed global variable
#842 | Comment Notifier | 481055400 | Non-prefixed global variable
#843 | Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms | 483414800 | Non Singular String Literal Domain
#844 | Visual Website Optimizer | 488645k+ | wp function not compatible with requires wp
#845 | Video Background | 4935269k+ | Unsafe printing function
#846 | Quotes and Tips by BestWebSoft | 514851901k+ | Text Domain Mismatch
#847 | Wenprise Pinyin Slug | 5230344k+ | Text Domain Mismatch
#848 | International Telephone Input for Contact Form 7 | 5318108k+ | Missing direct file access protection
#849 | LexonRank: AI Link Building, Free Backlinks & SEO Automation | 5515201k+ | Nonce verification recommended
#850 | Mortgage Calculator | 5598164k+ | Text Domain Mismatch