Index: /controller/wpsg_AdminController.class.php
===================================================================
--- /controller/wpsg_AdminController.class.php	(revision 7537)
+++ /controller/wpsg_AdminController.class.php	(revision 7538)
@@ -2143,7 +2143,8 @@
 
 			}
-			else if (@$_REQUEST['subaction'] == 'presentation')
-			{
-
+			else if (@$_REQUEST['subaction'] == 'presentation') {
+				
+				\check_admin_referer('wpsg-save-admin-presentation');
+				
 			    $this->update_option('wpsg_imagehandler_basketimage', $_REQUEST['wpsg_imagehandler_basketimage'], false, false, WPSG_SANITIZE_CHECKBOX);
 				$this->update_option('wpsg_imagehandler_overviewimage', $_REQUEST['wpsg_imagehandler_overviewimage'], false, false, WPSG_SANITIZE_CHECKBOX);
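Review bot: The added `\check_admin_referer('wpsg-save-admin-presentation')` confirms the request came from the admin form, but it does not confirm that the caller may change these settings; a nonce is a CSRF guard, not an authorization check. No capability test is visible in this branch. The enclosing method starts outside the hunk, so one may already exist further up. If it does not, add one before the first `update_option`, e.g. `if (!\current_user_can('<required-capability>')) { \wp_die(); }`, where the placeholder stands for whatever capability the plugin requires for its admin page. A short comment above the call, such as `// CSRF guard: nonce field is emitted by views/admin/presentation.phtml`, would also help keep the two sides in sync.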
Index: /views/admin/presentation.phtml
===================================================================
--- /views/admin/presentation.phtml	(revision 7537)
+++ /views/admin/presentation.phtml	(revision 7538)
@@ -19,5 +19,7 @@
 <div class="wpsg_admin_content form-horizontal">
 	<form name="form1" method="post" enctype="multipart/form-data" action="<?php echo wpsg_hspc(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Admin&subaction=presentation&noheader=1'); ?>">
-
+		
+		<?php \wp_nonce_field('wpsg-save-admin-presentation'); ?>
+		
 		<div class="panel panel-default">
 			<div class="panel-heading clearfix">
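Review bot: The nonce action `'wpsg-save-admin-presentation'` is now a string literal repeated here and in the `check_admin_referer()` call in wpsg_AdminController.class.php. If either side is renamed or mistyped, the save is rejected with nothing in the code pointing to the other file. Consider defining the action name once, for example as a class constant on the controller, and referencing it from both places. At minimum, add a template comment such as `<?php /* nonce is verified in wpsg_AdminController, subaction 'presentation' */ ?>`. The form body continues past the end of this hunk.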
