diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 3e7043ed2..9f4562b1c 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -3,6 +3,9 @@
 if (isset($_GET['action'])) {
 	$standalone = 1;
 	require_once('admin-header.php');
+
+	check_admin_referer();
+
 	if ('activate' == $_GET['action']) {
 		$current = "\n" . get_settings('active_plugins') . "\n";
 		$current = preg_replace("|(\n)+\s*|", "\n", $current);