WordPress.WP.AlternativeFunctions.rand_rand
rand rand
The plugin uses a random function that may not be appropriate for the task.
Why It Shows Up
The scan found functions such as `rand()`, `mt_rand()`, `srand()`, or `mt_srand()`.
Why It Matters
General-purpose random functions are not suitable for security-sensitive tokens, and manual seeding can reduce randomness.
How to Fix
- Use `wp_rand()` for ordinary WordPress randomness.
- Use PHP cryptographic randomness for security-sensitive tokens.
- Avoid manual random seeding unless there is a narrow, documented reason.
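
The three fixes above side by side, as an added example that is not taken from any scanned plugin. All `myplugin_*` names and the sample data are hypothetical, and the `wp_rand()` stand-in exists only so the file runs outside WordPress. The hashed storage and constant-time comparison go one step beyond the list, as the usual companion to a random token.

```php
<?php
// Added example: every myplugin_* name is hypothetical.

// Stand-in for running outside WordPress; inside WordPress, core's wp_rand() is used.
if ( ! function_exists( 'wp_rand' ) ) {
	function wp_rand( $min, $max ) {
		return random_int( $min, $max );
	}
}

// Flagged pattern: mt_rand() seeded from the clock. The output depends only on
// the seed, so two requests in the same second receive the same "token".
function myplugin_token_flagged( $now = null ) {
	mt_srand( null === $now ? time() : $now );
	return md5( (string) mt_rand() );
}

// Ordinary randomness with no security impact: pick a banner to display.
function myplugin_pick_banner( array $banners ) {
	return $banners[ wp_rand( 0, count( $banners ) - 1 ) ];
}

// Security-sensitive token: 32 bytes from the OS CSPRNG, hex-encoded (64 chars).
function myplugin_token() {
	return bin2hex( random_bytes( 32 ) );
}

// Store only a hash of the token, and compare in constant time when it comes back.
function myplugin_token_hash( $token ) {
	return hash( 'sha256', $token );
}

function myplugin_token_matches( $stored_hash, $presented ) {
	return hash_equals( $stored_hash, hash( 'sha256', (string) $presented ) );
}

// Demonstration with constructed values.
$seed = 1700000000; // constructed timestamp
printf( "flagged tokens repeat for one seed: %s\n",
	var_export( myplugin_token_flagged( $seed ) === myplugin_token_flagged( $seed ), true ) );

$token  = myplugin_token();
$stored = myplugin_token_hash( $token );
printf( "token length: %d\n", strlen( $token ) );
printf( "correct token accepted: %s\n", var_export( myplugin_token_matches( $stored, $token ), true ) );
printf( "other token accepted: %s\n", var_export( myplugin_token_matches( $stored, myplugin_token() ), true ) );
printf( "banner: %s\n", myplugin_pick_banner( array( 'a.png', 'b.png', 'c.png' ) ) );
```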
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue | Added | Updated |
|---|---|---|---|---|---|---|---|---|
| #401 | Logo Showcase – Responsive Logo Carousel, Logo Slider & Logo Grid | 25 | 656 | 1,506 | 5k+ | Non-prefixed global variable | ||
| #402 | Bulk Page Generator – LPagery | 25 | 670 | 1,926 | 3k+ | Non-prefixed global variable | ||
| #403 | Media Cleaner: Clean your WordPress! | 25 | 151 | 391 | 90k+ | Direct Query | ||
| #404 | Media Cloud Sync | 25 | 1,095 | 274 | 1k+ | Exception output is not escaped | ||
| #405 | Create | 25 | 1,558 | 769 | 6k+ | Text Domain Mismatch | ||
| #406 | Multibanco / MB Way / Payshop / Cofidis Pay (by LUSOPAY) for WooCommerce | 25 | 492 | 216 | 400 | Text Domain Mismatch | ||
| #407 | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | 25 | 257 | 400 | 40k+ | Non-prefixed hook name | ||
| #408 | PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin | 25 | 1,084 | 1,296 | 9k+ | Non-prefixed global variable | ||
| #409 | QuadMenu – Mega Menu | 25 | 2,128 | 455 | 10k+ | Output is not escaped | ||
| #410 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | 25 | 960 | 738 | 60k+ | Text Domain Mismatch | ||
| #411 | Sitemap by click5 | 25 | 286 | 132 | 6k+ | Unsafe printing function | ||
| #412 | Affiliate Program Suite — SliceWP Affiliates | 25 | 1,291 | 2,089 | 10k+ | Output is not escaped | ||
| #413 | Smart Manager – Advanced WooCommerce Bulk Edit & Inventory Management | 25 | 366 | 923 | 10k+ | SQL query is not prepared | ||
| #414 | Themify Event Post | 25 | 397 | 143 | 3k+ | Output is not escaped | ||
| #415 | Timeline Express | 25 | 531 | 147 | 9k+ | Text Domain Mismatch | ||
| #416 | Toocheke Companion | 25 | 409 | 1,114 | 1k+ | Non-prefixed global variable | ||
| #417 | Spectra Gutenberg Blocks – Website Builder for the Block Editor | 25 | 253 | 3,227 | 1m+ | Non-prefixed global variable | ||
| #418 | Vayu Blocks – Website Builder for the Gutenberg Block Editor | 25 | 174 | 233 | 1k+ | Text Domain Mismatch | ||
| #419 | VikAppointments Services Booking Calendar | 25 | 9,753 | 5,207 | 500 | Output is not escaped | ||
| #420 | VikBooking Hotel Booking Engine & PMS | 25 | 13,244 | 8,314 | 8k+ | Output is not escaped | ||
| #421 | VikRentCar Car Rental Management System | 25 | 5,537 | 5,048 | 4k+ | Non-prefixed global variable | ||
| #422 | VikRestaurants Table Reservations and Take-Away | 25 | 11,644 | 4,932 | 600 | Output is not escaped | ||
| #423 | Product Customer List for WooCommerce | 25 | 610 | 1,334 | 9k+ | Non-prefixed global variable | ||
| #424 | Payment Plugins for Stripe WooCommerce | 25 | 348 | 779 | 100k+ | Non-prefixed global variable | ||
| #425 | WP Airbnb Review Slider | 25 | 325 | 646 | 1k+ | Non-prefixed global variable | ||
| #426 | Super Page Cache – Cloudflare Cache, Page Speed & Core Web Vitals | 25 | 137 | 353 | 60k+ | Input is not sanitized | ||
| #427 | Nested Pages | 25 | 674 | 560 | 90k+ | Non-prefixed global variable | ||
| #428 | Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF | 25 | 158 | 118 | 60k+ | Non-prefixed global variable | ||
| #429 | Smush – Image Optimization, Compression, Lazy Load, WebP & CDN | 25 | 252 | 566 | 1m+ | Non-prefixed hook name | ||
| #430 | Wp Social Login and Register Social Counter | 25 | 80 | 738 | 90k+ | Non-prefixed global variable | ||
| #431 | WP Time Slots Booking Form | 25 | 439 | 1,137 | 1k+ | Non-prefixed global variable | ||
| #432 | WP TripAdvisor Review Slider | 25 | 958 | 2,058 | 8k+ | Non-prefixed global variable | ||
| #433 | WP Yelp Review Slider | 25 | 429 | 645 | 1k+ | Non-prefixed global variable | ||
| #434 | WPvivid — Backup, Migration & Staging | 25 | 899 | 1,461 | 900k+ | Non-prefixed namespace | ||
| #435 | Video Gallery – YouTube Gallery, Playlist & Video Grid | 25 | 275 | 1,066 | 2k+ | Non-prefixed hook name | ||
| #436 | AI Content Writing Assistant | 26 | 1,069 | 516 | 700 | Text Domain Mismatch | ||
| #437 | Blog Floating Button | 26 | 705 | 240 | 9k+ | Output is not escaped | ||
| #438 | Database for Contact Form 7, WPforms, Elementor forms | 26 | 317 | 489 | 60k+ | Non-prefixed global variable | ||
| #439 | Accept Donations with PayPal & Stripe | 26 | 916 | 572 | 10k+ | Unsafe printing function | ||
| #440 | FV Antispam | 26 | 332 | 239 | 900 | Output is not escaped | ||
| #441 | Hide Admin Bar Based on User Roles | 26 | 549 | 1,345 | 20k+ | Non-prefixed global variable | ||
| #442 | Landing Page Cat – Coming Soon & Maintenance Pages | 26 | 91 | 180 | 600 | Non-prefixed class | ||
| #443 | Media File Renamer: Rename for better SEO (AI-Powered) | 26 | 154 | 170 | 40k+ | Direct Query | ||
| #444 | Hotel Booking | 26 | 690 | 940 | 4k+ | Unsafe printing function | ||
| #445 | Online Contact Widget-多合一在线客服插件 | 26 | 708 | 80 | 800 | Non Singular String Literal Domain | ||
| #446 | Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress | 26 | 525 | 240 | 600 | Text Domain Mismatch | ||
| #447 | RestaurantPress | 26 | 265 | 518 | 600 | Output is not escaped | ||
| #448 | Send Users Email – Email Subscribers, Email Marketing Newsletter | 26 | 188 | 415 | 5k+ | Non-prefixed global variable | ||
| #449 | Ultimate Reviews | 26 | 515 | 345 | 400 | Output is not escaped | ||
| #450 | VikWidgetsLoader – Collection of Widgets | 26 | 1,211 | 530 | 1k+ | Output is not escaped |