diff --git a/uc_bulk_stock_updater.inc b/uc_bulk_stock_updater.inc
index 3fa766a..c39f3b8 100644
--- a/uc_bulk_stock_updater.inc
+++ b/uc_bulk_stock_updater.inc
@@ -84,10 +84,14 @@ function uc_bulk_stock_updater_stock_update() {
     // for filtering purposes
     $filter_val = implode('__',array_map('drupal_strtolower', $filter_val));
     
+    // Add a token based on the product sku.
+    $id = strtolower(str_replace(" ", "-", $stock->sku));
+    $token = drupal_get_token($id);
+
     // Construct the data row
     $data_row = array(
       array('data' => "<span id='$filter_val'>$stock->sku</span>"),
-      array('data' => l($stock->title, 'node/' . $stock->nid)),
+      array('data' => l($stock->title, 'node/' . $stock->nid) . theme_hidden(array('#id' => 'token-' . $id, '#value' => $token))),
     );
     
     // construct stock editable fields
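Review bot: The `$id` built at `strtolower(str_replace(" ", "-", $stock->sku))` only replaces spaces, yet it is used as an HTML id (`'#id' => 'token-' . $id`) and again as a jQuery selector in uc_bulk_stock_updater.js. A SKU containing quotes, dots, colons or angle brackets would yield an invalid or unescaped id, and whether `theme_hidden()` escapes `#id` is not visible in this hunk. The same expression is repeated in `uc_bulk_stock_updater_stock_update_ajax()`, so I would move it into one helper that restricts the result to a safe character set, for example `preg_replace('/[^a-z0-9_-]+/', '-', drupal_strtolower($sku))`, and call that helper from both places. Note that two SKUs that normalise to the same string will share an element id and a token. The enclosing loop body starts and ends outside the hunk.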
@@ -158,11 +162,14 @@ function uc_bulk_stock_updater_stock_update_ajax() {
   $sku = empty($_POST['sku']) ? FALSE : $_POST['sku'];
   $name = $_POST['name'];
   $value = $_POST['value'];
+  $token = $_POST['token'];
   
   // validate and sanitize
   $value = BulkStockUpdater::sanitize_field($name, $value);
   
-  if (FALSE === $sku || FALSE === $value) {
+  $id = strtolower(str_replace(" ", "-", $sku));
+
+  if (FALSE === $sku || FALSE === $value || $_POST['token'] != drupal_get_token($id)) {
   	$err = t('Invalid parameters supplied');
   } 
   else {
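Review bot: The token check `$_POST['token'] != drupal_get_token($id)` uses a loose comparison and reads `$_POST` directly, leaving the newly assigned `$token` unused and raising an undefined-index notice when the field is absent. With `!=`, PHP compares two numeric-looking strings as numbers, so the check should not rely on type juggling. Drupal provides `drupal_valid_token()` for this purpose. I would read the field defensively with `$token = isset($_POST['token']) ? $_POST['token'] : '';` and change the condition to `if (FALSE === $sku || FALSE === $value || !drupal_valid_token($token, $id)) {`. A short comment saying the token is the CSRF guard for this state-changing callback would also help. The function body continues outside the hunk.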
diff --git a/uc_bulk_stock_updater.js b/uc_bulk_stock_updater.js
index cb3ee0d..4c3359d 100644
--- a/uc_bulk_stock_updater.js
+++ b/uc_bulk_stock_updater.js
@@ -77,6 +77,9 @@ function uc_bulk_stock_updater_submitValue(inputElem)
 	var _sku = _parentTR.children("td:first").text();
 	var _name = $(inputElem).attr("name");
 	var _value = $(inputElem).val();
+  var _id = _sku.replace(/\s/g, '-').toLowerCase();
+  var _token = $("#token-"+_id).val();
+
 
 	// reset error msgs
 	$(inputElem)
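Review bot: The lookup `$("#token-"+_id)` builds a selector from the SKU text, so a SKU containing `.`, `:`, `#` or a quote changes the meaning of the selector, and `_token` can come back undefined or from a different row. The normalisation also differs from the PHP side: `/\s/g` replaces every whitespace character while `str_replace(" ", "-", …)` replaces only spaces, so the computed id can fail to match the rendered one and a legitimate update would be rejected. Since the hidden input appears to be rendered in the same table row, reading it relative to the row avoids both problems: `var _token = _parentTR.find("input[id^='token-']").val();`. The added lines are indented with spaces where the surrounding code uses tabs, and the extra blank line can go. The function body continues outside the hunk.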
@@ -90,7 +93,7 @@ function uc_bulk_stock_updater_submitValue(inputElem)
 		url : Drupal.settings.uc_bulk_stock_updater.ajax_url,
 		type: 'POST',
 		timeout : 3000,
-		data : { sku: _sku, name: _name, value: _value },
+		data : { sku: _sku, name: _name, value: _value, token: _token },
 		dataType : "json",
 	    error : function(_XMLHttpRequest, _textStatus, _errorThrown)
 	    {
