WP-Safety

SeaSP Community Edition Security & Risk Analysis

wordpress.org/plugins/sea-sp-community-edition

SeaSP Community Edition is an automated Content Security Policy Manager. SeaSP allows you to create, configure, manage, and deploy a Content Security …

20 active installs v1.8.3 PHP 7.0+ WP 5.1+ Updated Jul 19, 2021
content-security-policycsphttp-headerssecurity
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SeaSP Community Edition Safe to Use in 2026?

Generally Safe

Score 85/100

SeaSP Community Edition has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "sea-sp-community-edition" v1.8.3 plugin exhibits a generally positive security posture with several key strengths. The static analysis reveals a complete absence of unprotected entry points across AJAX handlers, REST API routes, and shortcodes, which is an excellent foundation for security. The plugin also avoids dangerous functions and file operations, further reducing potential attack vectors. Furthermore, the vulnerability history is clean, with no known CVEs, indicating a potentially stable and well-maintained codebase over time.

However, there are areas for improvement. While the majority of SQL queries use prepared statements, the 21% that do not could pose a risk of SQL injection if these queries involve user-supplied input without proper sanitization. The most significant concern arises from the low rate of properly escaped output (32%). This indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, as untrusted data could be rendered directly in the browser without sufficient encoding. The presence of external HTTP requests, while not inherently a vulnerability, warrants careful review to ensure they are made to trusted sources and handle responses securely.

In conclusion, "sea-sp-community-edition" v1.8.3 is built on a strong security framework with robust access control on its entry points and a clean vulnerability history. The primary weakness lies in its insufficient output escaping, creating a notable risk of XSS attacks. Addressing this specific issue and carefully reviewing the unescaped SQL queries would significantly enhance the plugin's security.

Key Concerns

  • Low rate of proper output escaping
  • SQL queries not using prepared statements
Vulnerabilities
None known

SeaSP Community Edition Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SeaSP Community Edition Code Analysis

Dangerous Functions
0
Raw SQL Queries
17
63 prepared
Unescaped Output
49
23 escaped
Nonce Checks
9
Capability Checks
4
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

79% prepared80 total queries

Output Escaping

32% escaped72 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
Blue_Triangle_Automated_CSP_Free_Approve (src\controllers\Ajax.php:254)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

SeaSP Community Edition Attack Surface

Entry Points10
Unprotected0

AJAX Handlers 10

authwp_ajax_Blue_Triangle_Automated_CSP_Free_Approve_SUBDOMAINsrc\controllers\Ajax.php:2
authwp_ajax_Blue_Triangle_Automated_CSP_Free_SUBDOMAIN_TABLEsrc\controllers\Ajax.php:53
authwp_ajax_Blue_Triangle_Automated_CSP_Free_Csp_Modesrc\controllers\Ajax.php:154
authwp_ajax_Blue_Triangle_Automated_CSP_Free_Csp_Usage_Updatesrc\controllers\Ajax.php:173
authwp_ajax_Blue_Triangle_Automated_CSP_Free_Csp_Delaysrc\controllers\Ajax.php:219
authwp_ajax_Blue_Triangle_Automated_CSP_Free_Csp_Error_Modesrc\controllers\Ajax.php:236
authwp_ajax_Blue_Triangle_Automated_CSP_Free_Approvesrc\controllers\Ajax.php:253
authwp_ajax_Blue_Triangle_Automated_CSP_Free_Directive_Optionssrc\controllers\Ajax.php:307
authwp_ajax_Blue_Triangle_Automated_CSP_Free_Send_CSPsrc\controllers\Ajax.php:392
noprivwp_ajax_Blue_Triangle_Automated_CSP_Free_Send_CSPsrc\controllers\Ajax.php:393
WordPress Hooks 7
actionactivated_pluginBluetriangle-free-csp.php:513
actionsend_headersBluetriangle-free-csp.php:548
actionwp_headBluetriangle-free-csp.php:562
actionadmin_menuBluetriangle-free-csp.php:625
actionadmin_noticesBluetriangle-free-csp.php:1022
actionBlue_Triangle_Automated_CSP_Free_Cron_UpdateBluetriangle-free-csp.php:1066
actionplugins_loadedBluetriangle-free-csp.php:1135

Scheduled Events 1

Blue_Triangle_Automated_CSP_Free_Cron_Update
Maintenance & Trust

SeaSP Community Edition Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedJul 19, 2021
PHP min version7.0
Downloads4K

Community Trust

Rating94/100
Number of ratings3
Active installs20
Alternatives

SeaSP Community Edition Alternatives

HTTP Headers

HTTP Headers

http-headers

A
91

HTTP Headers adds CORS & security HTTP headers to your website.

50K 4 CVEs
Content Security Policy Manager

Content Security Policy Manager

csp-manager

A
85

Plugin for configuring Content Security Policy headers for your site. Allows different CSP headers for admin, logged inn frontend and regular visitors

2K No CVEs
GD Security Headers

GD Security Headers

gd-security-headers

A
91

Configure various security-related HTTP headers, including CSP, XSS, Referrer Policy and more.

1K 2 CVEs
No unsafe-inline

No unsafe-inline

no-unsafe-inline

A
100

No unsafe-inline helps you to build a Content Security Policy avoiding to use 'unsafe-inline' and 'unsafe-hashes'.

200 No CVEs
CSP Friendly Security

CSP Friendly Security

csp-antsst

A
100

Adds a CSP header compatible with most WP plugins without breaking styles.

100 No CVEs
Developer Profile

SeaSP Community Edition Developer Profile

bluetriangle

1 plugin · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SeaSP Community Edition

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sea-sp-community-edition/assets/css/main.css/wp-content/plugins/sea-sp-community-edition/assets/css/report.css/wp-content/plugins/sea-sp-community-edition/assets/css/settings.css/wp-content/plugins/sea-sp-community-edition/assets/js/CSP.js/wp-content/plugins/sea-sp-community-edition/assets/js/CSP_API.js/wp-content/plugins/sea-sp-community-edition/assets/js/CSP_Settings.js/wp-content/plugins/sea-sp-community-edition/assets/js/main.js/wp-content/plugins/sea-sp-community-edition/assets/js/reports.js+1 more
Script Paths
/wp-content/plugins/sea-sp-community-edition/assets/js/CSP.js/wp-content/plugins/sea-sp-community-edition/assets/js/CSP_API.js/wp-content/plugins/sea-sp-community-edition/assets/js/CSP_Settings.js/wp-content/plugins/sea-sp-community-edition/assets/js/main.js/wp-content/plugins/sea-sp-community-edition/assets/js/reports.js/wp-content/plugins/sea-sp-community-edition/assets/js/scripts.js
Version Parameters
sea-sp-community-edition/assets/css/main.css?ver=sea-sp-community-edition/assets/css/report.css?ver=sea-sp-community-edition/assets/css/settings.css?ver=sea-sp-community-edition/assets/js/CSP.js?ver=sea-sp-community-edition/assets/js/CSP_API.js?ver=sea-sp-community-edition/assets/js/CSP_Settings.js?ver=sea-sp-community-edition/assets/js/main.js?ver=sea-sp-community-edition/assets/js/reports.js?ver=sea-sp-community-edition/assets/js/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
seasp_report_containerseasp_settings_containerseasp-directive-rowseasp-directive-inputseasp-plugin-settings-tableseasp-log-table
HTML Comments
<!-- Generated by Sea SP Community Edition --><!-- Begin Sea SP Settings --><!-- End Sea SP Settings --><!-- Begin Sea SP Reports -->+1 more
Data Attributes
data-seasp-directivedata-seasp-option
JS Globals
seaspConfigseaspReportsseaspSettings
REST Endpoints
/wp-json/seaspc/v1/settings/wp-json/seaspc/v1/reports/wp-json/seaspc/v1/csp-data
Shortcode Output
[seasp_reports][seasp_settings]
FAQ

Frequently Asked Questions about SeaSP Community Edition