WordPress.WP.AlternativeFunctions.rand_seeding_srand
rand seeding srand
The plugin uses a random function that may not be appropriate for the task.
Why It Shows Up
The scan found functions such as `rand()`, `mt_rand()`, `srand()`, or `mt_srand()`.
Why It Matters
General-purpose random functions are not suitable for security-sensitive tokens, and manual seeding can reduce randomness.
How to Fix
- Use `wp_rand()` for ordinary WordPress randomness.
- Use PHP cryptographic randomness for security-sensitive tokens.
- Avoid manual random seeding unless there is a narrow, documented reason.
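The flagged pattern next to the three fixes above, as an added example that is not code from this page or from any listed plugin. The `myplugin_` prefix, the function names and the sample seed are hypothetical, and the `function_exists()` fallback is there only so the file also runs outside WordPress.

```php
<?php
// Added example; all myplugin_* names are hypothetical.

// Flagged pattern: once the generator is seeded by hand, the "token" is a
// pure function of the seed. A clock-based seed repeats for the same second.
function myplugin_reset_token_flagged( int $seed ): string {
    mt_srand( $seed );                 // manual seeding, reported by the sniff
    return md5( (string) mt_rand() );  // Mersenne Twister output, not a CSPRNG
}

// Security-sensitive token: 32 bytes from the OS CSPRNG, hex-encoded.
function myplugin_reset_token(): string {
    return bin2hex( random_bytes( 32 ) );
}

// Security-sensitive number (a six-digit one-time code): random_int() is
// CSPRNG-backed and uniform over the range.
function myplugin_one_time_code(): string {
    return str_pad( (string) random_int( 0, 999999 ), 6, '0', STR_PAD_LEFT );
}

// Ordinary randomness (rotating a banner): wp_rand() inside WordPress.
function myplugin_pick_banner( array $banners ) {
    if ( empty( $banners ) ) {
        return null;
    }
    $banners = array_values( $banners );
    $max     = count( $banners ) - 1;
    $index   = function_exists( 'wp_rand' ) ? wp_rand( 0, $max ) : random_int( 0, $max );
    return $banners[ $index ];
}

// Constructed demonstration: compare two calls of each generator.
$seed = 1700000000; // constructed sample timestamp
echo 'flagged, same seed, equal tokens: ';
var_dump( myplugin_reset_token_flagged( $seed ) === myplugin_reset_token_flagged( $seed ) );
echo 'random_bytes(), equal tokens: ';
var_dump( myplugin_reset_token() === myplugin_reset_token() );
echo 'one-time code: ' . myplugin_one_time_code() . PHP_EOL;
echo 'banner: ' . myplugin_pick_banner( array( 'a.png', 'b.png', 'c.png' ) ) . PHP_EOL;
```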
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #1 | Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages | 21 | 1,173 | 2,983 | 9k+ | | Non Prefixed Variable Found |
| #2 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | 22 | 4,462 | 3,972 | 10k+ | | Output Not Escaped |
| #3 | InfiniteWP Client | 22 | 2,286 | 1,812 | 200k+ | | Exception Not Escaped |
| #4 | SEO Redirection Plugin – 301 Redirect Manager | 23 | 272 | 727 | 10k+ | | Non Prefixed Variable Found |
| #5 | Create | 25 | 1,558 | 767 | 6k+ | | Text Domain Mismatch |
| #6 | Super Page Cache – Cloudflare Cache, Page Speed & Core Web Vitals | 25 | 137 | 353 | 60k+ | | Input Not Sanitized |
| #7 | Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image Optimization | 29 | 80 | 162 | 200k+ | | Recommended |
| #8 | WP125 | 31 | 178 | 184 | 3k+ | | Unsafe Printing Function |
| #9 | Paytm Payment Gateway | 35 | 92 | 104 | 3k+ | | Missing Arg Domain |
| #10 | Publish to Schedule | 37 | 195 | 43 | 4k+ | | Text Domain Mismatch |