WordPress.WP.AlternativeFunctions.rand_rand

rand rand

The plugin uses a random function that may not be appropriate for the task.

medium weight

Why It Shows Up

The scan found functions such as `rand()`, `mt_rand()`, `srand()`, or `mt_srand()`.

Why It Matters

General random functions are not suitable for security-sensitive tokens and manual seeding can reduce randomness.

How to Fix

  • Use `wp_rand()` for ordinary WordPress randomness.
  • Use PHP cryptographic randomness for security-sensitive tokens.
  • Avoid manual random seeding unless there is a narrow, documented reason.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#851Anti-Captcha (anti-spam botblocker)5623261k+rand mt rand
#852SMTP by BestWebSoft564861751k+Text Domain Mismatch
#853reCAPTCHA for Ninja Forms56219600Output is not escaped
#854BestWebSoft’s Pinterest57490176500Text Domain Mismatch
#855Cache-Control572641k+Output is not escaped
#856WP Online Active Users5826452k+Non-prefixed global variable
#857Super Simple Event Calendar58824600Request data is not unslashed
#858Videopack582810810k+Input is not sanitized
#859pensopay Payments v259413321k+Non Singular String Literal Domain
#860Country and State Selection Addon for Gravity Forms6114261k+Non-prefixed constant
#861Countdown63430400Output is not escaped
#862Placeholder Image for WooCommerce63315400Output is not escaped
#863Dojo for WooCommerce657113800Text Domain Mismatch
#864QRCode652139400Non-prefixed constant
#865Debug Log Manager – Conveniently Monitor and Inspect Errors66334410k+Input is not validated
#866Printful Integration for WooCommerce672187650k+Text Domain Mismatch
#867Product Specifications for Woocommerce6712801k+Non-prefixed global variable
#868Custom Form Builder, Contact Forms, Payment Forms, Surveys, Polls6821181k+Output is not escaped
#869Cresta Social Messenger719101k+Non-prefixed function
#870WPS Notice Center711273k+Unsafe printing function
#871Amazing Affiliates – Toolkit for Amazon Associates with Amazon Product Blocks and Amazon PAAPI5 / Creators API integration723650600Non-prefixed global variable
#872Signature Field For Contact Form 7 – CF7Sign74912700Missing Translators Comment
#873Elements For Elementor74393710k+Non-prefixed global variable
#874Accordion Shortcode75170400Output is not escaped
#875Honeypot Anti Spam for Forminator Forms75471k+Missing nonce verification
#876PopupAlly7540102k+Missing direct file access protection
#877Super RSS Reader – Add attractive RSS Feed Widget7624510k+Output is not escaped
#878Contact Form 7 Text CAPTCHA7614341k+Non-prefixed global variable
#879Self-Hosted Google Fonts77351130k+Text Domain Mismatch
#880Taggbox – Free Social Media Widgets, Review Badges & Shoppable UGC77231131k+Direct Query
#881Lorem Ipsum Generator7779500Missing direct file access protection
#882Interact: Embed A Quiz On Your Site786133k+Request data is not unslashed
#883Cresta Help Chat806610k+Output is not escaped
#884Docxpresso809142k+Input is not sanitized
#885Image Captcha For Gravity Forms802010400Text Domain Mismatch
#886BinancePay Checkout for WooCommerce84514900Input is not validated
#887BNE Gallery Extended86801k+Unsafe printing function
#888Extra Styling for MemberPress86647500Text Domain Mismatch
#889A Random Number8935800Non-prefixed function
#890reBusted!91736k+Missing direct file access protection
#891Tumblr Importer917910k+wp function not compatible with requires wp
#892Image Hotspot With Tooltip For WPBakery Page Builder (formerly Visual Composer)926112400Text Domain Mismatch
#893Drag and Drop File Upload for Elementor Forms942911k+curl curl setopt
#894Easy Theme and Plugin Upgrades94292070k+Discouraged PHP function
#895Hide WordPress Version9654400trademarked term
#896SoundCloud Shortcode97615k+Missing Arg Domain