diff --git a/wp-admin/post.php b/wp-admin/post.php
index c945be13ce..0ea17be8cd 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -77,6 +77,8 @@ case 'edit':
 break;
 
 case 'editattachment':
+ check_admin_referer();
+
 $post_id = (int) $_POST['post_ID'];
 
 // Don't let these be changed
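Review bot: `check_admin_referer();` in the `editattachment` case is called without an action, so it runs with the default action of -1. WordPress core treats that form as incorrect usage, and as far as I know the check can then pass on an admin-URL Referer header alone instead of requiring a valid nonce. The nonce is also not tied to the attachment being edited, because the call sits before `$post_id` is assigned. I would move it below the assignment and bind it to the post, e.g. `check_admin_referer( '<form-action>_' . $post_id );`, where `<form-action>` is a placeholder for the action string the attachment edit form passes to `wp_nonce_field()`; that form is not visible here. The `case` body continues outside the hunk.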