Index: /controller/wpsg_AdminController.class.php
===================================================================
--- /controller/wpsg_AdminController.class.php	(revision 7549)
+++ /controller/wpsg_AdminController.class.php	(revision 7550)
@@ -1759,7 +1759,6 @@
 		 * Modulverwaltung
 		 */
-		public function moduleAction()
-		{
-
+		public function moduleAction() {
+						
 			if (isset($_REQUEST['noheader']) && $_REQUEST['noheader'] == '1' && !isset($_REQUEST['submit']))
 			{
@@ -2448,5 +2447,7 @@
 				if ($this->get_option($_REQUEST['modul'], $global) > 0 && $_REQUEST['aktiv'] == '1' && array_key_exists($_REQUEST['modul'], $this->shop->arModule))
 				{
-
+					
+					\check_admin_referer('wpsg-admin-submit-module-'.$_REQUEST['modul']);
+					
 					$this->shop->arModule[$_REQUEST['modul']]->settings_save();
 
Index: /views/admin/module.phtml
===================================================================
--- /views/admin/module.phtml	(revision 7549)
+++ /views/admin/module.phtml	(revision 7550)
@@ -42,4 +42,6 @@
 	<form name="form1" action="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Admin&amp;action=module&amp;modul=<?php echo $_REQUEST['modul']; ?>&amp;noheader=1" method="post" enctype="multipart/form-data">
 		 
+		<?php echo \wp_nonce_field('wpsg-admin-submit-module-'.$_REQUEST['modul']); ?>
+		
 		<p>