diff --git a/admin/setup_mvp.php b/admin/setup_mvp.php
index 457db23..4e7879f 100644
--- a/admin/setup_mvp.php
+++ b/admin/setup_mvp.php
@@ -37,17 +37,22 @@ $form = new Form($db);
 // Handle form submission
 $action = GETPOST('action', 'alpha');
 if ($action == 'update_mappings') {
- $ca3_definitions = $config->getCA3LineDefinitions();
-
- foreach ($ca3_definitions as $line => $definition) {
- $account_codes = GETPOST('account_codes_' . $line, 'array');
+ // CSRF protection
+ if (!checkToken()) {
+ setEventMessages($langs->trans("ErrorCSRFToken"), null, 'errors');
+ } else {
+ $ca3_definitions = $config->getCA3LineDefinitions();
- if (!empty($account_codes)) {
- $config->updateAccountMapping($line, $account_codes);
+ foreach ($ca3_definitions as $line => $definition) {
+ $account_codes = GETPOST('account_codes_' . $line, 'array');
+
+ if (!empty($account_codes)) {
+ $config->updateAccountMapping($line, $account_codes);
+ }
 }
+
+ setEventMessages($langs->trans("ConfigurationUpdated"), null, 'mesgs');
 }
-
- setEventMessages($langs->trans("ConfigurationUpdated"), null, 'mesgs');
 }
 // Get current mappings
@@ -72,6 +77,7 @@ print '
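Review bot: The guard in the `update_mappings` branch depends entirely on `checkToken()`, which is not defined anywhere in this diff, and I am not aware of a Dolibarr core helper by that name (core exposes `newToken()` and `currentToken()`). Please confirm the module defines it, that it compares the submitted token with the session token using `hash_equals()`, and that it returns false when either side is empty; if it is undefined, every submission ends in a fatal error. As far as I know `GETPOST('action', 'alpha')` also reads the query string, so the write path stays reachable by GET; gating on the method too, `if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !checkToken()) {`, keeps tokens out of URLs and access logs. The rejection is only shown to the user, so adding `dol_syslog('setup_mvp: CSRF token rejected for update_mappings', LOG_WARNING);` in the failure branch would make repeated failures visible to whoever monitors the instance. Any admin-rights check for this page sits above line 37, outside the hunk, so I cannot confirm the token check is layered on top of an authorization check.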
'; // Print configuration form print '
';
 print '';
+print '';
 print '
'; print '
' . $langs->trans("DeclarationTVAPCGMapping") . '
';
diff --git a/langs/en_US/declarationtva.lang b/langs/en_US/declarationtva.lang
index cec0999..828dc0e 100644
--- a/langs/en_US/declarationtva.lang
+++ b/langs/en_US/declarationtva.lang
@@ -369,3 +369,4 @@ AccountSelection = Account Selection
 SelectedAccounts = Selected Accounts
 AccountCount = Account Count
 MultiSelectHelp = Hold Ctrl (or Cmd on Mac) to select multiple accounts
+ErrorCSRFToken = Security token error. Please try again.
diff --git a/langs/fr_FR/declarationtva.lang b/langs/fr_FR/declarationtva.lang
index 6af63b9..356edbf 100644
--- a/langs/fr_FR/declarationtva.lang
+++ b/langs/fr_FR/declarationtva.lang
@@ -358,3 +358,4 @@ AccountSelection = Sélection de comptes
 SelectedAccounts = Comptes sélectionnés
 AccountCount = Nombre de comptes
 MultiSelectHelp = Maintenez Ctrl (ou Cmd sur Mac) pour sélectionner plusieurs comptes
+ErrorCSRFToken = Erreur de jeton de sécurité. Veuillez réessayer.