Last modified: 2006-02-22 21:10:14 UTC
Parts of the validation mechanism is restricted to bureaucrats. Several parts of the facility do not check for a valid wpEditToken, making it vulnerable to cross-site request forgery (CSRF). Basically, by tricking a privileged user into clicking on a link or submitting a malicious form, someone could for example change the set of topics.
Added a token in HEAD. Not sure if it's worthfull as it seems the page from Special pages :(
Referenced special page has been removed from CVS; the validation feature as described is no longer present.