I have a doubt with a md5 function. I know that the function is insecure and is not recomended. So the issue here is that they use for generate a token with date and they use rand that is not secure too and that is another finding
$token = md5(date('Y-m-d H:i:s') . mt_rand());
they also use this function to generate qr-id like this:
“idqr” => md5($user->ID)
Is any of these usages of the PHP functions md5 and mt_rand a vulnerability?
thanks your help is always very useful