WordPress.WP.AlternativeFunctions.rand_rand

rand rand

The plugin uses a random function that may not be appropriate for the task.

medium weight

Why It Shows Up

The scan found functions such as `rand()`, `mt_rand()`, `srand()`, or `mt_srand()`.

Why It Matters

General random functions are not suitable for security-sensitive tokens and manual seeding can reduce randomness.

How to Fix

Use `wp_rand()` for ordinary WordPress randomness.
Use PHP cryptographic randomness for security-sensitive tokens.
Avoid manual random seeding unless there is a narrow, documented reason.

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#1	Themify Builder	9	5,195	2,096	5k+	5 days ago	Text Domain Mismatch
#2	JetBackup – Backup, Restore & Migrate	10	1,559	145	100k+	2 months ago	Exception Not Escaped
#3	wpForo Forum	17	4,033	2,922	20k+	21 days ago	Unsafe Printing Function
#4	Prime Slider Addons for Elementor	18	3,500	230	100k+	6 days ago	Text Domain Mismatch
#5	Podlove Podcast Publisher	18	2,326	1,429	3k+	17 days ago	Output Not Escaped
#6	Shopping Cart & eCommerce Store	18	5,459	17,298	4k+	9 days ago	Non Prefixed Variable Found
#7	WP Import Export Lite	18	738	979	40k+	11 months ago	Non Prefixed Variable Found
#8	WP Directory Kit	18	2,119	2,617	2k+	2 months ago	Non Prefixed Variable Found
#9	Element Pack – Widgets, Templates & Addons for Elementor	19	9,448	517	100k+	5 days ago	Text Domain Mismatch
#10	Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)	19	3,275	3,228	10k+	7 months ago	Output Not Escaped
#11	Matomo Analytics – Powerful, Privacy-First Insights for WordPress	19	1,909	878	100k+	5 days ago	Exception Not Escaped
#12	Realtyna Organic IDX plugin + WPL Real Estate	19	947	3,653	2k+	1 month ago	Non Prefixed Variable Found
#13	Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)	19	541	385	3m+	4 days ago	Missing Translators Comment
#14	Membership Plugin – Kadence Memberships	19	5,082	2,982	9k+	26 days ago	Text Domain Mismatch
#15	Brizy – Page Builder	20	589	720	70k+	12 days ago	Output Not Escaped
#16	Filter Everything — WordPress & WooCommerce Filters	20	568	730	50k+	3 days ago	Output Not Escaped
#17	GiveWP – Donation Plugin and Fundraising Platform	20	3,435	3,580	100k+	6 days ago	Output Not Escaped
#18	Link Library	20	1,941	1,397	10k+	2 months ago	Unsafe Printing Function
#19	Nimble Page Builder	20	1,591	1,684	30k+	1 year ago	Missing Arg Domain
#20	Pix por Piggly (para Woocommerce)	20	547	195	4k+	2 years ago	Exception Not Escaped
#21	Robin Image Optimizer – Unlimited Image Optimization, WebP & AVIF	20	557	541	100k+	1 month ago	Output Not Escaped
#22	Razorpay for WooCommerce	20	974	855	100k+	2 days ago	Non Prefixed Function Found
#23	WPJAM Basic	20	328	356	4k+	5 days ago	Output Not Escaped
#24	Backup Migration	21	981	1,093	80k+	16 days ago	Non Prefixed Variable Found
#25	CallTrackingMetrics	21	923	286	3k+	4 months ago	Unsafe Printing Function
#26	Captcha Them All	21	300	323	6k+	3 years ago	Output Not Escaped
#27	CartFlows – Funnel Builder & Checkout Plugin for WooCommerce	21	461	614	200k+	19 days ago	Text Domain Mismatch
#28	Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More	21	2,572	1,277	1m+	1 month ago	Output Not Escaped
#29	ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support	21	829	5,966	5k+	3 days ago	Direct Query
#30	EventPrime – Events Calendar, Bookings and Tickets	21	872	4,297	7k+	yesterday	Non Prefixed Variable Found
#31	Feeds for YouTube (YouTube video, channel, and gallery plugin)	21	558	978	100k+	11 days ago	Output Not Escaped
#32	Campaign Monitor for WordPress	21	386	461	2k+	2 months ago	Non Prefixed Variable Found
#33	JCH Optimize	21	953	133	4k+	5 months ago	Output Not Escaped
#34	MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder	21	1,133	3,011	2k+	7 months ago	Non Prefixed Variable Found
#35	MotoPress Hotel Booking	21	3,061	1,037	10k+	6 days ago	Text Domain Mismatch
#36	Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages	21	1,173	2,983	9k+	19 days ago	Non Prefixed Variable Found
#37	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	21	696	1,483	50k+	11 days ago	Recommended
#38	Five Star Restaurant Reservations – WordPress Booking Plugin	21	1,099	1,147	10k+	2 days ago	Output Not Escaped
#39	Royal Addons for Elementor – Addons and Templates Kit for Elementor	21	13,011	2,530	600k+	13 days ago	Text Domain Mismatch
#40	Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic	21	327	181	10k+	2 years ago	Output Not Escaped
#41	Smart Forms – when you need more than just a contact form	21	776	574	5k+	1 month ago	Output Not Escaped
#42	ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin	21	190	660	30k+	25 days ago	Non Prefixed Variable Found
#43	Revive Social – Social Media Auto Post and Scheduling Automation Plugin	21	255	425	20k+	1 month ago	Non Prefixed Hookname Found
#44	WCFM – Frontend Manager for WooCommerce	21	4,721	5,067	20k+	2 months ago	Non Prefixed Variable Found
#45	WebP Express	21	160	427	300k+	2 days ago	Non Prefixed Variable Found
#46	Wise Chat	21	470	506	5k+	3 months ago	Output Not Escaped
#47	Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools	21	786	3,395	30k+	4 days ago	Non Prefixed Variable Found
#48	Wordfence Security – Firewall, Malware Scan, and Login Security	21	1,592	2,973	5m+	1 month ago	Output Not Escaped
#49	WP-Lister Lite for eBay	21	6,697	5,129	2k+	18 days ago	Output Not Escaped
#50	WP phpMyAdmin	21	4,528	6,435	50k+	8 months ago	Missing Arg Domain