Does Random Content have any unpatched vulnerabilities?

No. All known vulnerabilities in Random Content have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Random Content compatible with WordPress 6.9.4?

According to WordPress.org data, Random Content 1.6.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Random Content updated?

Random Content was last updated on Mar 11, 2026. Frequent updates are generally a positive security signal.

What is Random Content's security score?

Random Content has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Random Content Security & Risk Analysis

wordpress.org/plugins/random-content

Display random content anywhere on your WordPress site. Rotate testimonials, banners, CTAs, and more with a simple shortcode or widget.

3K active installs v1.6.4 PHP + WP 5.0.1+ Updated Mar 11, 2026

content-rotationdynamic-contentrandom-contentrotating-contenttestimonials

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Random Content Safe to Use in 2026?

Generally Safe

Score 100/100

Random Content has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 24d ago

Risk Assessment

The "random-content" plugin v1.6.4 exhibits a mixed security posture. While it demonstrates good practices in several areas, such as the absence of dangerous functions, file operations, and external HTTP requests, and a decent output escaping rate of 74%, there are significant concerns regarding its attack surface and SQL query handling. The presence of one unprotected REST API route presents a direct entry point for potential exploitation without proper authorization checks. Furthermore, 100% of its SQL queries are not using prepared statements, which is a critical vulnerability that could lead to SQL injection attacks if any data from user input is incorporated into these queries. The plugin's vulnerability history is clean, with no recorded CVEs, suggesting it may have been developed with security in mind or has not yet been a target. However, the static analysis findings highlight potential weaknesses that could be exploited regardless of past vulnerability records.

Key Concerns

REST API route without permission callback
100% of SQL queries use no prepared statements

Vulnerabilities

None known

Random Content Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Random Content Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

34 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

74% escaped46 total outputs

Attack Surface

1 unprotected

Random Content Attack Surface

Entry Points4

Unprotected1

AJAX Handlers 1

authwp_ajax_rc_dismiss_pro_bannerclass-random-content.php:108

REST API Routes 1

GET/wp-json/random-content/v1/postsclass-random-content.php:119

Shortcodes 2

[random] class-random-content.php:81

[random_content] class-random-content.php:83

WordPress Hooks 16

actioninitclass-random-content.php:74

actioninitclass-random-content.php:76

actioninitclass-random-content.php:78

actionwidgets_initclass-random-content.php:85

filtermanage_edit-endo_wrc_group_columnsclass-random-content.php:87

filtermanage_endo_wrc_group_custom_columnclass-random-content.php:89

actionrest_api_initclass-random-content.php:92

actionwp_footerclass-random-content.php:93

actionsave_post_endo_wrc_cptclass-random-content.php:96

actiondelete_postclass-random-content.php:97

actionedited_endo_wrc_groupclass-random-content.php:98

actiondelete_endo_wrc_groupclass-random-content.php:99

actionadd_meta_boxes_endo_wrc_cptclass-random-content.php:103

actionadmin_noticesclass-random-content.php:104

actionadmin_menuclass-random-content.php:105

actionadmin_enqueue_scriptsclass-random-content.php:107

Maintenance & Trust

Random Content Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 11, 2026

PHP min version

Downloads54K

Community Trust

Rating98/100

Number of ratings34

Active installs3K

Alternatives

Random Content Alternatives

Content Randomizer – Rotate Any Block

blocks-randomizer

100

Rotate and display random content blocks on every page load. Perfect for testimonials, CTAs, and dynamic content. Works with any block type.

50 No CVEs

Cycle Block

ghostlabs-cycle-block-lite

100

Cycle Block is a lightweight and powerful Gutenberg block plugin that lets you display different content on each page load.

0 No CVEs

Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More

reviews-feed

No API key required. Display Yelp and Google reviews for any business in a clean, customizable feed on your site.

100K 2 CVEs

Rich Showcase for Google Reviews

widget-google-reviews

Display up to 10 Google reviews in less than a minute. Continue collecting new reviews. No limits on connected places, widgets, shortcodes and blocks.

100K 5 CVEs

Strong Testimonials

strong-testimonials

An easy-to-use testimonial plugin to collect and show customer feedback in WordPress

90K 14 CVEs

Developer Profile

Random Content Developer Profile

Jeremy Green

4 plugins · 3K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Random Content

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/random-content/js/random-content.js

Script Paths