Index: /controller/wpsg_AdminController.class.php
===================================================================
--- /controller/wpsg_AdminController.class.php	(revision 7538)
+++ /controller/wpsg_AdminController.class.php	(revision 7539)
@@ -2173,10 +2173,10 @@
 
 			}
-			else if (@$_REQUEST['subaction'] == 'loadsavesettings')
-			{
-
-				if (isset($_REQUEST['wpsg_do']) && $_REQUEST['wpsg_do'] == 'downloadsettings')
-				{
-
+			else if (@$_REQUEST['subaction'] == 'loadsavesettings') {
+								
+				if (isset($_REQUEST['wpsg_do']) && $_REQUEST['wpsg_do'] == 'downloadsettings') {
+					
+					\check_admin_referer('wpsg-save-admin-loadsavesettings-download');
+					
 					$arSettings = $this->db->fetchAssoc("
 						SELECT
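Review bot: The new `\check_admin_referer('wpsg-save-admin-loadsavesettings-download')` only proves the request carries a nonce tied to the current session (CSRF protection); it is not an authorization check, and nothing in this hunk verifies that the caller may export the settings. The enclosing `if`/`else if` chain starts above this hunk, so a capability check may exist there; if it does not, add `if (!\current_user_can('manage_options')) { \wp_die(__('Insufficient permissions', 'wpsg')); }` directly before the nonce check so a low-privilege user with a valid nonce cannot dump the configuration. On the reformatted line `else if (@$_REQUEST['subaction'] == 'loadsavesettings') {`, prefer `($_REQUEST['subaction'] ?? '') === 'loadsavesettings'` over `@` suppression and loose `==`, since `$_REQUEST` also merges cookie values and `@` hides unrelated notices. The `$arSettings` query continues past the end of the hunk.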
@@ -2230,7 +2230,9 @@
 
 				}
+				
+				\check_admin_referer('wpsg-save-admin-loadsavesettings');
 
 				if (wpsg_isSizedString($_FILES['wpsg_settings']['tmp_name'])) {
-				
+										
 					if (file_exists($_FILES['wpsg_settings']['tmp_name'])) {
 
Index: /views/admin/loadsavesettings.phtml
===================================================================
--- /views/admin/loadsavesettings.phtml	(revision 7538)
+++ /views/admin/loadsavesettings.phtml	(revision 7539)
@@ -11,5 +11,9 @@
 		<span class="list-group-head list-group-item"><?php echo __('Konfiguration'); ?></span>		
 		<?php foreach ($this->view['arSubAction'] as $k => $v) { ?>		 
-		<a class="list-group-item <?php echo (($k == $this->view['subAction'])?'active':''); ?>" href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Admin&amp;subaction=<?php echo $k; ?>"><?php echo $v['Menutext']; ?></a>		
+		<a class="list-group-item <?php echo (($k == $this->view['subAction'])?'active':''); ?>" href="<?php 
+			 
+			echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Admin&amp;subaction=<?php echo $k; 
+			
+		?>"><?php echo $v['Menutext']; ?></a>		
 		<?php } ?>
 	</div> 
@@ -19,5 +23,7 @@
 <div class="wpsg_admin_content form-horizontal">
 	<form name="form1" method="post" enctype="multipart/form-data" action="<?php echo wpsg_hspc(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Admin&subaction=loadsavesettings&noheader=1'); ?>">
-	
+		
+		<?php \wp_nonce_field('wpsg-save-admin-loadsavesettings'); ?>
+		
 		<div class="panel panel-default">
   			<div class="panel-heading clearfix">
@@ -27,5 +33,9 @@
 	
 				<?php echo wpsg_drawForm_TextStart(); ?>
-				<a href="<?php echo WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Admin&subaction=loadsavesettings&noheader=1&wpsg_do=downloadsettings&submit=1'; ?>" title="<?php echo __('Einstellungen als XML Datei downloaden', 'wpsg'); ?>"><?php echo __('Download', 'wpsg'); ?></a>				
+				<a href="<?php 
+					
+					echo \wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Admin&subaction=loadsavesettings&noheader=1&wpsg_do=downloadsettings&submit=1', 'wpsg-save-admin-loadsavesettings-download'); 
+					
+				?>" title="<?php echo __('Einstellungen als XML Datei downloaden', 'wpsg'); ?>"><?php echo __('Download', 'wpsg'); ?></a>				
 				<?php echo wpsg_drawForm_TextEnd(__('Einstellungen speichern', 'wpsg')); ?>
 	
