WP-Safety

Content Randomizer Security & Risk Analysis

wordpress.org/plugins/content-randomizer

This plugin allows you to add texts, images, videos and display them in a random order or slideshow.

200 active installs v1.2.3 PHP + WP 3.0.1+ Updated Jan 21, 2018
featuredjokequoterandomtext
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Content Randomizer Safe to Use in 2026?

Generally Safe

Score 85/100

Content Randomizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The 'content-randomizer' plugin v1.2.3 exhibits a mixed security posture. On the positive side, it has a limited attack surface with no AJAX handlers or REST API routes exposed without authentication. The absence of known vulnerabilities in its history is also a strong indicator of good past security practices. Furthermore, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, which are generally good security indicators.

However, several significant concerns are present in the static analysis. The use of the `create_function` function is a critical security risk as it can lead to arbitrary code execution if user-supplied input is passed to it without proper sanitization. Additionally, the output escaping is significantly lacking, with only 21% of outputs properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website.

The lack of nonce checks and capability checks on its entry points (shortcodes) is also a notable weakness. While the attack surface is small, the presence of 4 shortcodes without any authorization checks means that any authenticated user, or potentially even unauthenticated users depending on context, could trigger unintended actions or expose sensitive information. The limited taint analysis does not provide a full picture, but the presence of dangerous functions and poor output escaping are enough to warrant significant caution.

Key Concerns

  • Use of dangerous function create_function
  • Low percentage of properly escaped output
  • No nonce checks on entry points
  • No capability checks on entry points
Vulnerabilities
None known

Content Randomizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Content Randomizer Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
38
10 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_functioncreate_function('', 'return register_widget("Randomizer_Widget");')includes\widgets.php:234
create_functioncreate_function('', 'return register_widget("RandomizerSlideshow_Widget");')includes\widgets.php:237

Output Escaping

21% escaped48 total outputs
Attack Surface

Content Randomizer Attack Surface

Entry Points4
Unprotected0

Shortcodes 4

[elm_random] includes\shortcodes.php:23
[elm_random] includes\shortcodes.php:45
[elm_slideshow] includes\shortcodes.php:46
[elm_randomtext] includes\shortcodes.php:49
WordPress Hooks 11
actionadmin_initincludes\permalink-settings.php:15
actionwidgets_initincludes\widgets.php:233
actionwidgets_initincludes\widgets.php:236
actioninitrandomizer.php:6
actioninitrandomizer.php:7
actionadd_meta_boxesrandomizer.php:9
actionsave_postrandomizer.php:10
actionadmin_enqueue_scriptsrandomizer.php:11
actionwp_enqueue_scriptsrandomizer.php:12
actionadmin_footerrandomizer.php:13
actionwp_footerrandomizer.php:14
Maintenance & Trust

Content Randomizer Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedJan 21, 2018
PHP min version
Downloads8K

Community Trust

Rating100/100
Number of ratings6
Active installs200
Alternatives

Content Randomizer Alternatives

WP Random Post Thumbnails

WP Random Post Thumbnails

wp-random-post-thumbnails

A
100

Allows you to select images to be shown at random for posts without a featured image.

1K No CVEs
wpuntexturize

wpuntexturize

wpuntexturize

A
100

Prevent WordPress from converting single and double quotation marks into their curly alternatives.

900 No CVEs
Easy Quotes

Easy Quotes

easy-quotes

A
97

Collect and show your favorite Quotes / Reviews / Testimonials or any other short snippet of Text.

700 2 CVEs
Easy Random Quotes

Easy Random Quotes

easy-random-quotes

A
85

Insert quotes and pull them randomly into your pages and posts (via shortcodes) or your template (via template tags).

500 No CVEs
Simple Note

Simple Note

simple-note

A
100

The plugin allows you to create colored text notes in the new block editor.

500 No CVEs
Developer Profile

Content Randomizer Developer Profile

Dominykas

2 plugins · 200 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Content Randomizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/content-randomizer/css/randomizer.css/wp-content/plugins/content-randomizer/js/randomizer.js/wp-content/plugins/content-randomizer/css/owl.carousel.min.css/wp-content/plugins/content-randomizer/css/owl.theme.default.min.css/wp-content/plugins/content-randomizer/js/owl.carousel.min.js
Script Paths
/wp-content/plugins/content-randomizer/js/randomizer.js
Version Parameters
content-randomizer/css/randomizer.css?ver=content-randomizer/js/randomizer.js?ver=content-randomizer/css/owl.carousel.min.css?ver=content-randomizer/css/owl.theme.default.min.css?ver=content-randomizer/js/owl.carousel.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
randomizer-slideshowdate-input
HTML Comments
<!-- Date range -->
Data Attributes
data-date-fromdata-date-to
JS Globals
elm_rt_vars
Shortcode Output
[content_randomizer][random_content][random_image][random_video]
FAQ

Frequently Asked Questions about Content Randomizer