Index: /controller/wpsg_AdminController.class.php
===================================================================
--- /controller/wpsg_AdminController.class.php	(revision 7534)
+++ /controller/wpsg_AdminController.class.php	(revision 7535)
@@ -2359,4 +2359,6 @@
 				if (wpsg_isSizedArray($_REQUEST['wpsg_cap']))
 				{
+					
+					\check_admin_referer('wpsg-save-admin-access');
 
 					// Sanitization
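Review bot: The added `\check_admin_referer('wpsg-save-admin-access');` runs only inside the `wpsg_isSizedArray($_REQUEST['wpsg_cap'])` branch, and it proves request origin, not authorization. The visible lines do not show whether the caller is allowed to change what appears to be the role-capability settings. The enclosing method starts and ends outside the hunk, so this may already be enforced earlier. If it is not, add a guard such as `if (!current_user_can('manage_options')) { wp_die(); }` next to the nonce check, using whichever capability the plugin requires for this page. Also consider moving the nonce check to the top of the save branch so that any state written outside this `if` is covered, and add a comment such as `// CSRF: nonce is emitted by views/admin/access.phtml` so the pairing with the form is obvious.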
Index: /views/admin/access.phtml
===================================================================
--- /views/admin/access.phtml	(revision 7534)
+++ /views/admin/access.phtml	(revision 7535)
@@ -19,5 +19,7 @@
 <div class="wpsg_admin_content form-horizontal">
 	<form name="form1" method="post" enctype="multipart/form-data" action="<?php echo wpsg_hspc(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Admin&subaction='.$_REQUEST['subaction'].'&noheader=1'); ?>">
-
+		
+		<?php \wp_nonce_field('wpsg-save-admin-access'); ?>
+		
 		<?php global $wpdb; $arRoles = get_option($wpdb->prefix."user_roles"); ?>
 		
Index: /views/admin/widerrufsbelehrung.phtml
===================================================================
--- /views/admin/widerrufsbelehrung.phtml	(revision 7534)
+++ /views/admin/widerrufsbelehrung.phtml	(revision 7535)
@@ -20,5 +20,5 @@
 	<form name="form1" method="post" enctype="multipart/form-data" action="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Admin&amp;subaction=<?php echo $_REQUEST['subaction']; ?>&amp;noheader=1">
 
-        <?php wp_nonce_field('wpsg-save-revocation'); ?>
+        <?php \wp_nonce_field('wpsg-save-revocation'); ?>
         
 		<?php echo wpsg_drawForm_AdminboxStart(__('Widerruf', 'wpsg')); ?>
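Review bot: The form's `action` attribute in the context line above still echoes `$_REQUEST['subaction']` with no escaping, so request-controlled text lands directly in the HTML attribute. The commit qualifies the `wp_nonce_field` call but leaves this alone, whereas `access.phtml` in the same changeset passes the whole URL through `wpsg_hspc(...)`. Suggest matching that here, e.g. `<?php echo wpsg_hspc(rawurlencode($_REQUEST['subaction'])); ?>`, assuming `wpsg_hspc` is the plugin's HTML-escaping helper, or use WordPress's `esc_attr()`. The nonce only protects the POST handler; it does not make the rendered page safe against reflected markup.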
