WordPress.WP.AlternativeFunctions.rand_rand

rand rand

The plugin uses a random function that may not be appropriate for the task.

medium weight

Why It Shows Up

The scan found functions such as `rand()`, `mt_rand()`, `srand()`, or `mt_srand()`.

Why It Matters

General-purpose random functions are not suitable for security-sensitive tokens, and manual seeding can reduce randomness.

How to Fix

  • Use `wp_rand()` for ordinary WordPress randomness.
  • Use PHP cryptographic randomness for security-sensitive tokens.
  • Avoid manual random seeding unless there is a narrow, documented reason.
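
The three fixes above, shown beside the flagged pattern. This is an added example, not code from any listed plugin or from the scanner; all `myplugin_*` names are hypothetical, and it assumes the file is loaded inside WordPress on PHP 7 or later.

```php
<?php
// Added example, not from the scanned plugins. All myplugin_* names are hypothetical.
defined( 'ABSPATH' ) || exit; // Assumes the file is loaded by WordPress, so wp_rand() exists.

// BEFORE: the pattern the scan flags. Seeding with the clock makes the whole
// mt_rand() sequence reproducible, so the "token" is only as secret as the time.
function myplugin_reset_token_flagged() {
	mt_srand( time() );
	return md5( (string) mt_rand() );
}

// AFTER, security-sensitive token: 32 bytes from PHP's CSPRNG, hex-encoded.
function myplugin_reset_token() {
	return bin2hex( random_bytes( 32 ) ); // 64 hex characters
}

// AFTER, security-sensitive number: fixed-width one-time code via random_int().
function myplugin_one_time_code( $digits = 6 ) {
	$digits = max( 4, min( 9, (int) $digits ) ); // keep 10 ** $digits an int
	$code   = random_int( 0, ( 10 ** $digits ) - 1 );
	return str_pad( (string) $code, $digits, '0', STR_PAD_LEFT );
}

// AFTER, ordinary randomness (no secrecy needed): wp_rand(), never seeded by hand.
function myplugin_pick_featured_item( array $item_ids ) {
	if ( empty( $item_ids ) ) {
		return null;
	}
	$item_ids = array_values( $item_ids ); // reindex so 0..n-1 are valid keys
	return $item_ids[ wp_rand( 0, count( $item_ids ) - 1 ) ];
}

// Check a supplied token against the stored one in constant time.
function myplugin_token_matches( $stored, $supplied ) {
	return is_string( $stored ) && is_string( $supplied ) && hash_equals( $stored, $supplied );
}
```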

Affected Plugins

Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue
#401Logo Showcase – Responsive Logo Carousel, Logo Slider & Logo Grid256561,5065k+Non-prefixed global variable
#402Bulk Page Generator – LPagery256701,9263k+Non-prefixed global variable
#403Media Cleaner: Clean your WordPress!2515139190k+Direct Query
#404Media Cloud Sync251,0952741k+Exception output is not escaped
#405Create251,5587696k+Text Domain Mismatch
#406Multibanco / MB Way / Payshop / Cofidis Pay (by LUSOPAY) for WooCommerce25492216400Text Domain Mismatch
#407NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar2525740040k+Non-prefixed hook name
#408PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin251,0841,2969k+Non-prefixed global variable
#409QuadMenu – Mega Menu252,12845510k+Output is not escaped
#410Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin2596073860k+Text Domain Mismatch
#411Sitemap by click5252861326k+Unsafe printing function
#412Affiliate Program Suite — SliceWP Affiliates251,2912,08910k+Output is not escaped
#413Smart Manager – Advanced WooCommerce Bulk Edit & Inventory Management2536692310k+SQL query is not prepared
#414Themify Event Post253971433k+Output is not escaped
#415Timeline Express255311479k+Text Domain Mismatch
#416Toocheke Companion254091,1141k+Non-prefixed global variable
#417Spectra Gutenberg Blocks – Website Builder for the Block Editor252533,2271m+Non-prefixed global variable
#418Vayu Blocks – Website Builder for the Gutenberg Block Editor251742331k+Text Domain Mismatch
#419VikAppointments Services Booking Calendar259,7535,207500Output is not escaped
#420VikBooking Hotel Booking Engine & PMS2513,2448,3148k+Output is not escaped
#421VikRentCar Car Rental Management System255,5375,0484k+Non-prefixed global variable
#422VikRestaurants Table Reservations and Take-Away2511,6444,932600Output is not escaped
#423Product Customer List for WooCommerce256101,3349k+Non-prefixed global variable
#424Payment Plugins for Stripe WooCommerce25348779100k+Non-prefixed global variable
#425WP Airbnb Review Slider253256461k+Non-prefixed global variable
#426Super Page Cache – Cloudflare Cache, Page Speed & Core Web Vitals2513735360k+Input is not sanitized
#427Nested Pages2567456090k+Non-prefixed global variable
#428Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF2515811860k+Non-prefixed global variable
#429Smush – Image Optimization, Compression, Lazy Load, WebP & CDN252525661m+Non-prefixed hook name
#430Wp Social Login and Register Social Counter258073890k+Non-prefixed global variable
#431WP Time Slots Booking Form254391,1371k+Non-prefixed global variable
#432WP TripAdvisor Review Slider259582,0588k+Non-prefixed global variable
#433WP Yelp Review Slider254296451k+Non-prefixed global variable
#434WPvivid — Backup, Migration & Staging258991,461900k+Non-prefixed namespace
#435Video Gallery – YouTube Gallery, Playlist & Video Grid252751,0662k+Non-prefixed hook name
#436AI Content Writing Assistant261,069516700Text Domain Mismatch
#437Blog Floating Button267052409k+Output is not escaped
#438Database for Contact Form 7, WPforms, Elementor forms2631748960k+Non-prefixed global variable
#439Accept Donations with PayPal & Stripe2691657210k+Unsafe printing function
#440FV Antispam26332239900Output is not escaped
#441Hide Admin Bar Based on User Roles265491,34520k+Non-prefixed global variable
#442Landing Page Cat – Coming Soon & Maintenance Pages2691180600Non-prefixed class
#443Media File Renamer: Rename for better SEO (AI-Powered)2615417040k+Direct Query
#444Hotel Booking266909404k+Unsafe printing function
#445Online Contact Widget-多合一在线客服插件2670880800Non Singular String Literal Domain
#446Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress26525240600Text Domain Mismatch
#447RestaurantPress26265518600Output is not escaped
#448Send Users Email – Email Subscribers, Email Marketing Newsletter261884155k+Non-prefixed global variable
#449Ultimate Reviews26515345400Output is not escaped
#450VikWidgetsLoader – Collection of Widgets261,2115301k+Output is not escaped