WordPress.WP.AlternativeFunctions.rand_mt_rand

rand mt rand

The plugin uses a random function that may not be appropriate for the task.

medium weight

Why It Shows Up

The scan found functions such as `rand()`, `mt_rand()`, `srand()`, or `mt_srand()`.

Why It Matters

General random functions are not suitable for security-sensitive tokens and manual seeding can reduce randomness.

How to Fix

Use `wp_rand()` for ordinary WordPress randomness.
Use PHP cryptographic randomness for security-sensitive tokens.
Avoid manual random seeding unless there is a narrow, documented reason.

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#1	JetBackup – Backup, Restore & Migrate	10	1,559	145	100k+	2 months ago	Exception Not Escaped
#2	wpForo Forum	17	4,033	2,922	20k+	21 days ago	Unsafe Printing Function
#3	WPtouch – Make your WordPress Website Mobile-Friendly	17	1,466	325	50k+	7 months ago	Text Domain Mismatch
#4	Shopping Cart & eCommerce Store	18	5,459	17,298	4k+	9 days ago	Non Prefixed Variable Found
#5	WP Import Export Lite	18	738	979	40k+	11 months ago	Non Prefixed Variable Found
#6	WP Directory Kit	18	2,119	2,617	2k+	2 months ago	Non Prefixed Variable Found
#7	Element Pack – Widgets, Templates & Addons for Elementor	19	9,448	517	100k+	5 days ago	Text Domain Mismatch
#8	Download Monitor	19	425	1,364	80k+	5 days ago	Non Prefixed Hookname Found
#9	Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution	19	1,218	901	100k+	12 days ago	Exception Not Escaped
#10	Realtyna Organic IDX plugin + WPL Real Estate	19	947	3,653	2k+	1 month ago	Non Prefixed Variable Found
#11	Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)	19	541	385	3m+	4 days ago	Missing Translators Comment
#12	Membership Plugin – Kadence Memberships	19	5,082	2,982	9k+	26 days ago	Text Domain Mismatch
#13	Scrollsequence – Cinematic Scroll Image Animation Plugin	19	878	1,528	4k+	14 days ago	Non Prefixed Variable Found
#14	SendPress Newsletters	19	2,293	1,422	2k+	4 months ago	Output Not Escaped
#15	BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot	20	508	1,406	30k+	3 days ago	Non Prefixed Variable Found
#16	GiveWP – Donation Plugin and Fundraising Platform	20	3,435	3,580	100k+	6 days ago	Output Not Escaped
#17	Brevo – Email, SMS, Web Push, Chat, and more.	20	460	646	100k+	2 months ago	Missing Unslash
#18	Microthemer Lite – Visual Editor to Customize CSS	20	1,004	1,699	10k+	2 months ago	Non Prefixed Variable Found
#19	Nimble Page Builder	20	1,591	1,684	30k+	1 year ago	Missing Arg Domain
#20	Pix por Piggly (para Woocommerce)	20	547	195	4k+	2 years ago	Exception Not Escaped
#21	Razorpay for WooCommerce	20	974	855	100k+	2 days ago	Non Prefixed Function Found
#22	WPJAM Basic	20	328	356	4k+	5 days ago	Output Not Escaped
#23	Backup Migration	21	981	1,093	80k+	16 days ago	Non Prefixed Variable Found
#24	bbPress	21	929	3,672	100k+	12 months ago	Non Prefixed Function Found
#25	Pinpoint Booking System – Version 2	21	634	328	3k+	3 days ago	missing direct file access protection
#26	Captcha Them All	21	300	323	6k+	3 years ago	Output Not Escaped
#27	Smart Grid-Layout Design for Contact Form 7	21	1,126	734	10k+	1 month ago	Output Not Escaped
#28	Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More	21	2,572	1,277	1m+	1 month ago	Output Not Escaped
#29	ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support	21	829	5,966	5k+	3 days ago	Direct Query
#30	EventPrime – Events Calendar, Bookings and Tickets	21	872	4,297	7k+	yesterday	Non Prefixed Variable Found
#31	FileOrganizer – WordPress File Manager	21	536	241	200k+	11 days ago	unlink unlink
#32	Formidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More	21	52	1,959	300k+	5 days ago	Non Prefixed Variable Found
#33	MotoPress Hotel Booking	21	3,061	1,037	10k+	6 days ago	Text Domain Mismatch
#34	OneLogin SAML SSO	21	508	330	7k+	6 months ago	wp function not compatible with requires wp
#35	Packeta	21	802	333	8k+	8 months ago	Exception Not Escaped
#36	Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction	21	1,918	5,065	10k+	19 days ago	Non Prefixed Hookname Found
#37	Razorpay Quick Payments	21	399	63	3k+	1 year ago	Exception Not Escaped
#38	Five Star Restaurant Reservations – WordPress Booking Plugin	21	1,099	1,147	10k+	2 days ago	Output Not Escaped
#39	Seamless Donations is Sunset	21	600	514	2k+	2 years ago	Text Domain Mismatch
#40	Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic	21	327	181	10k+	2 years ago	Output Not Escaped
#41	Accept Stripe Payments	21	373	882	20k+	2 months ago	Missing
#42	Revive Social – Social Media Auto Post and Scheduling Automation Plugin	21	255	425	20k+	1 month ago	Non Prefixed Hookname Found
#43	Buckaroo Woocommerce Payments Plugin	21	563	326	2k+	5 days ago	Exception Not Escaped
#44	WebP Express	21	160	427	300k+	2 days ago	Non Prefixed Variable Found
#45	Paysera Payment Gateway for WooCommerce	21	1,866	195	7k+	17 days ago	Exception Not Escaped
#46	Wordfence Security – Firewall, Malware Scan, and Login Security	21	1,592	2,973	5m+	1 month ago	Output Not Escaped
#47	WP phpMyAdmin	21	4,528	6,435	50k+	8 months ago	Missing Arg Domain
#48	wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin	21	1,354	1,140	70k+	13 days ago	Output Not Escaped
#49	Better Messages – Chat Rooms, Group Chat, Private Messages & AI Chat Bots	22	1,604	2,019	10k+	11 days ago	Direct Query
#50	Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms	22	493	295	10k+	3 months ago	Text Domain Mismatch