WordPress.WP.AlternativeFunctions.rand_seeding_mt_srand
rand seeding mt srand
The plugin uses a random function that may not be appropriate for the task.
Why It Shows Up
The scan found functions such as `rand()`, `mt_rand()`, `srand()`, or `mt_srand()`.
Why It Matters
General-purpose random functions are not suitable for security-sensitive tokens, and manual seeding can reduce randomness.
How to Fix
- Use `wp_rand()` for ordinary WordPress randomness.
- Use PHP cryptographic randomness for security-sensitive tokens.
- Avoid manual random seeding unless there is a narrow, documented reason.
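The flagged pattern next to the two replacements from the list above, as an added example (not code from the scanner or from any plugin listed on this page). The function names `weak_token`, `secure_token` and `pick_index` are hypothetical, and the seed is a constructed value.

```php
<?php
// Added example; function names are hypothetical, not from any plugin.

// BEFORE: the pattern the sniff flags. After mt_srand( $seed ) the output
// of mt_rand() is a pure function of the seed, so the token is only as
// unpredictable as the seed itself (often a timestamp or a small counter).
function weak_token( int $seed, int $length = 16 ): string {
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    mt_srand( $seed ); // flagged: manual seeding
    $token = '';
    for ( $i = 0; $i < $length; $i++ ) {
        $token .= $alphabet[ mt_rand( 0, strlen( $alphabet ) - 1 ) ]; // flagged: mt_rand()
    }
    return $token;
}

// AFTER, security-sensitive tokens: PHP's CSPRNG, no seeding involved.
function secure_token( int $bytes = 32 ): string {
    return bin2hex( random_bytes( $bytes ) );
}

// AFTER, ordinary randomness (for example picking one item to display):
// wp_rand() inside WordPress. The random_int() fallback is an assumption
// made here so the file also runs outside WordPress.
function pick_index( int $count ): int {
    if ( function_exists( 'wp_rand' ) ) {
        return wp_rand( 0, $count - 1 );
    }
    return random_int( 0, $count - 1 );
}

$seed = 1700000000; // constructed value standing in for a timestamp seed

// Two calls with the same seed are compared, then two CSPRNG tokens.
var_dump( weak_token( $seed ) === weak_token( $seed ) );
var_dump( secure_token() === secure_token() );

// Seeding is global: every later mt_rand() caller in the request inherits
// the fixed sequence until the generator is reseeded.
mt_srand();

var_dump( pick_index( 10 ) );
```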
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #1 | wpForo Forum | 17 | 4,033 | 2,922 | 20k+ | | Unsafe Printing Function |
| #2 | Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution | 19 | 1,218 | 901 | 100k+ | | Exception Not Escaped |
| #3 | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | 21 | 2,572 | 1,277 | 1m+ | | Output Not Escaped |
| #4 | Content Egg – Affiliate Product Importer & Price Comparison | 23 | 1,231 | 1,257 | 10k+ | | Non Prefixed Variable Found |
| #5 | Ezoic | 23 | 432 | 516 | 10k+ | | Output Not Escaped |
| #6 | MyWorks Sync for WooCommerce & QuickBooks Online | 23 | 2,292 | 9,101 | 5k+ | | Non Prefixed Variable Found |
| #7 | WHMCS Bridge | 23 | 247 | 472 | 4k+ | | Recommended |
| #8 | Iptanus File Upload | 24 | 509 | 1,325 | 10k+ | | Non Prefixed Function Found |
| #9 | Contact Form Email | 25 | 409 | 898 | 9k+ | | Non Prefixed Variable Found |
| #10 | WPBruiser {no- Captcha anti-Spam} | 25 | 646 | 259 | 10k+ | | Non Singular String Literal Domain |
| #11 | Plover Kit – Blocks, Patterns, Responsive Layout and Gutenberg Editor Enhancements | 25 | 685 | 1,382 | 3k+ | | Non Prefixed Variable Found |
| #12 | WPS Bidouille | 28 | 472 | 215 | 10k+ | | Output Not Escaped |
| #13 | DoLogin Security | 29 | 312 | 305 | 7k+ | | Output Not Escaped |
| #14 | Invisible reCaptcha for WordPress | 30 | 90 | 185 | 80k+ | | Input Not Sanitized |
| #15 | Brozzme DB Prefix & Tools Addons | 35 | 24 | 42 | 9k+ | | Missing Unslash |
| #16 | Website Pop-up Builder by BDOW! (formerly Sumo): Pop-ups + forms for email opt-ins and lead generation | 37 | 42 | 33 | 10k+ | | Output Not Escaped |
| #17 | RSS Feed Retriever | 61 | 23 | 8 | 7k+ | | wp function not compatible with requires wp |